@lucern/events 0.3.0-alpha.9 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -2
- package/dist/index.js +3456 -393
- package/dist/index.js.map +1 -1
- package/dist/outbox.js +3458 -395
- package/dist/outbox.js.map +1 -1
- package/dist/types.js +3458 -395
- package/dist/types.js.map +1 -1
- package/dist/webhooks.js +3456 -393
- package/dist/webhooks.js.map +1 -1
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -26,6 +26,20 @@ function matchesAnyEventPattern(eventType, patterns) {
|
|
|
26
26
|
return patterns.some((pattern) => matchesEventPattern(eventType, pattern));
|
|
27
27
|
}
|
|
28
28
|
|
|
29
|
+
// ../contracts/src/types/reasoning-method.ts
|
|
30
|
+
var REASONING_METHODS = [
|
|
31
|
+
"deductive",
|
|
32
|
+
"inductive",
|
|
33
|
+
"abductive",
|
|
34
|
+
"analogical",
|
|
35
|
+
"causal",
|
|
36
|
+
"correlational",
|
|
37
|
+
"testimonial",
|
|
38
|
+
"statistical",
|
|
39
|
+
"implicit",
|
|
40
|
+
"pattern_match"
|
|
41
|
+
];
|
|
42
|
+
|
|
29
43
|
// ../contracts/src/graph-intelligence.contract.ts
|
|
30
44
|
var GRAPH_INTELLIGENCE_MODE_TOOL_NAMES = {
|
|
31
45
|
core: [
|
|
@@ -847,7 +861,7 @@ defineTable({
|
|
|
847
861
|
});
|
|
848
862
|
defineTable({
|
|
849
863
|
name: "agents",
|
|
850
|
-
component: "
|
|
864
|
+
component: "control-plane",
|
|
851
865
|
category: "agent",
|
|
852
866
|
shape: z.object({
|
|
853
867
|
"slug": z.string(),
|
|
@@ -878,6 +892,8 @@ defineTable({
|
|
|
878
892
|
category: "tenant",
|
|
879
893
|
shape: z.object({
|
|
880
894
|
"tenantId": idOf("tenants"),
|
|
895
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
896
|
+
"environment": z.enum(["dev", "staging", "prod"]).optional(),
|
|
881
897
|
"keyPrefix": z.enum(["luc", "stk"]),
|
|
882
898
|
"keyHash": z.string(),
|
|
883
899
|
"keyHint": z.string(),
|
|
@@ -905,7 +921,7 @@ defineTable({
|
|
|
905
921
|
shape: z.object({
|
|
906
922
|
"tenantId": idOf("tenants").optional(),
|
|
907
923
|
"apiKeyId": idOf("apiKeys").optional(),
|
|
908
|
-
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
924
|
+
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "tenant_canonical_identity_repaired", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
909
925
|
"actorClerkId": z.string(),
|
|
910
926
|
"details": z.any().optional(),
|
|
911
927
|
"createdAt": z.number()
|
|
@@ -1129,6 +1145,35 @@ defineTable({
|
|
|
1129
1145
|
{ kind: "index", name: "by_source", columns: ["source"] }
|
|
1130
1146
|
]
|
|
1131
1147
|
});
|
|
1148
|
+
defineTable({
|
|
1149
|
+
name: "domainEvents",
|
|
1150
|
+
component: "kernel",
|
|
1151
|
+
category: "events",
|
|
1152
|
+
shape: z.object({
|
|
1153
|
+
"eventId": z.string(),
|
|
1154
|
+
"type": z.string(),
|
|
1155
|
+
"version": z.string(),
|
|
1156
|
+
"timestamp": z.number(),
|
|
1157
|
+
"tenantId": z.string().optional(),
|
|
1158
|
+
"workspaceId": z.string().optional(),
|
|
1159
|
+
"topicId": z.string(),
|
|
1160
|
+
"resourceId": z.string(),
|
|
1161
|
+
"resourceType": z.string(),
|
|
1162
|
+
"actorId": z.string(),
|
|
1163
|
+
"actorType": z.enum(["human", "agent", "service"]),
|
|
1164
|
+
"data": z.record(z.any()),
|
|
1165
|
+
"correlationId": z.string().optional(),
|
|
1166
|
+
"expiresAt": z.number()
|
|
1167
|
+
}),
|
|
1168
|
+
indices: [
|
|
1169
|
+
{ kind: "index", name: "by_eventId", columns: ["eventId"] },
|
|
1170
|
+
{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
|
|
1171
|
+
{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
|
|
1172
|
+
{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
|
|
1173
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
|
|
1174
|
+
{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
|
|
1175
|
+
]
|
|
1176
|
+
});
|
|
1132
1177
|
defineTable({
|
|
1133
1178
|
name: "beliefConfidence",
|
|
1134
1179
|
component: "kernel",
|
|
@@ -1784,29 +1829,37 @@ defineTable({
|
|
|
1784
1829
|
component: "mc",
|
|
1785
1830
|
category: "runtime",
|
|
1786
1831
|
shape: z.object({
|
|
1787
|
-
|
|
1788
|
-
|
|
1789
|
-
|
|
1790
|
-
|
|
1791
|
-
|
|
1792
|
-
|
|
1793
|
-
|
|
1794
|
-
|
|
1795
|
-
|
|
1796
|
-
|
|
1797
|
-
|
|
1798
|
-
|
|
1799
|
-
|
|
1832
|
+
shimId: z.string(),
|
|
1833
|
+
gateId: z.string(),
|
|
1834
|
+
removalDate: z.string(),
|
|
1835
|
+
removalPriority: z.enum(["P1", "P2", "P3"]),
|
|
1836
|
+
description: z.string(),
|
|
1837
|
+
owner: z.string(),
|
|
1838
|
+
createdAt: z.string(),
|
|
1839
|
+
status: z.enum(["active", "overdue", "removed"]),
|
|
1840
|
+
bridgeType: z.enum(["tool", "agent"]),
|
|
1841
|
+
bridgeTarget: z.object({
|
|
1842
|
+
type: z.enum(["tool", "agent"]),
|
|
1843
|
+
legacyPath: z.string(),
|
|
1844
|
+
harnessPath: z.string()
|
|
1800
1845
|
}),
|
|
1801
|
-
|
|
1802
|
-
|
|
1803
|
-
|
|
1804
|
-
|
|
1846
|
+
shimBehavior: z.enum([
|
|
1847
|
+
"passthrough_with_logging",
|
|
1848
|
+
"adapter",
|
|
1849
|
+
"feature_flag_gate"
|
|
1850
|
+
]),
|
|
1851
|
+
producesLedgerEntries: z.boolean(),
|
|
1852
|
+
lastAuditedAt: z.number(),
|
|
1853
|
+
metadata: z.record(z.any()).optional()
|
|
1805
1854
|
}),
|
|
1806
1855
|
indices: [
|
|
1807
1856
|
{ kind: "index", name: "by_shimId", columns: ["shimId"] },
|
|
1808
1857
|
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1809
|
-
{
|
|
1858
|
+
{
|
|
1859
|
+
kind: "index",
|
|
1860
|
+
name: "by_bridgeType_status",
|
|
1861
|
+
columns: ["bridgeType", "status"]
|
|
1862
|
+
}
|
|
1810
1863
|
]
|
|
1811
1864
|
});
|
|
1812
1865
|
defineTable({
|
|
@@ -1814,12 +1867,23 @@ defineTable({
|
|
|
1814
1867
|
component: "mc",
|
|
1815
1868
|
category: "runtime",
|
|
1816
1869
|
shape: z.object({
|
|
1817
|
-
|
|
1818
|
-
|
|
1819
|
-
|
|
1820
|
-
|
|
1821
|
-
|
|
1822
|
-
|
|
1870
|
+
domain: z.enum([
|
|
1871
|
+
"graph",
|
|
1872
|
+
"schema",
|
|
1873
|
+
"identity",
|
|
1874
|
+
"policy",
|
|
1875
|
+
"audit",
|
|
1876
|
+
"admin",
|
|
1877
|
+
"agent",
|
|
1878
|
+
"tool",
|
|
1879
|
+
"prompt",
|
|
1880
|
+
"intelligence"
|
|
1881
|
+
]),
|
|
1882
|
+
state: z.enum(["legacy", "cutover", "disabled"]),
|
|
1883
|
+
metadata: z.record(z.any()).optional(),
|
|
1884
|
+
updatedBy: z.string(),
|
|
1885
|
+
createdAt: z.number(),
|
|
1886
|
+
updatedAt: z.number()
|
|
1823
1887
|
}),
|
|
1824
1888
|
indices: [
|
|
1825
1889
|
{ kind: "index", name: "by_domain", columns: ["domain"] },
|
|
@@ -1831,57 +1895,193 @@ defineTable({
|
|
|
1831
1895
|
component: "mc",
|
|
1832
1896
|
category: "runtime",
|
|
1833
1897
|
shape: z.object({
|
|
1834
|
-
|
|
1835
|
-
|
|
1836
|
-
|
|
1837
|
-
|
|
1838
|
-
|
|
1839
|
-
|
|
1840
|
-
|
|
1841
|
-
|
|
1842
|
-
|
|
1843
|
-
|
|
1844
|
-
|
|
1845
|
-
|
|
1846
|
-
|
|
1847
|
-
|
|
1848
|
-
|
|
1849
|
-
|
|
1850
|
-
|
|
1898
|
+
credentialRef: z.string(),
|
|
1899
|
+
tenantId: idOf("tenants"),
|
|
1900
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1901
|
+
target: z.enum(["kernelDeployment", "appDeployment"]),
|
|
1902
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
1903
|
+
encryptedDeployKey: z.string(),
|
|
1904
|
+
encryptionVersion: z.string(),
|
|
1905
|
+
keyFingerprint: z.string(),
|
|
1906
|
+
keyHint: z.string(),
|
|
1907
|
+
status: z.enum(["active", "revoked"]),
|
|
1908
|
+
rotatedFromCredentialRef: z.string().optional(),
|
|
1909
|
+
revokedAt: z.number().optional(),
|
|
1910
|
+
revokedBy: z.string().optional(),
|
|
1911
|
+
lastUsedAt: z.number().optional(),
|
|
1912
|
+
metadata: z.record(z.any()).optional(),
|
|
1913
|
+
createdBy: z.string(),
|
|
1914
|
+
createdAt: z.number(),
|
|
1915
|
+
updatedAt: z.number()
|
|
1851
1916
|
}),
|
|
1852
1917
|
indices: [
|
|
1853
1918
|
{ kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
|
|
1854
1919
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1855
|
-
{ kind: "index", name: "
|
|
1856
|
-
{
|
|
1857
|
-
|
|
1920
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
1921
|
+
{
|
|
1922
|
+
kind: "index",
|
|
1923
|
+
name: "by_tenant_target",
|
|
1924
|
+
columns: ["tenantId", "target"]
|
|
1925
|
+
},
|
|
1926
|
+
{
|
|
1927
|
+
kind: "index",
|
|
1928
|
+
name: "by_tenant_target_environment",
|
|
1929
|
+
columns: ["tenantId", "target", "environment"]
|
|
1930
|
+
},
|
|
1931
|
+
{
|
|
1932
|
+
kind: "index",
|
|
1933
|
+
name: "by_tenant_target_environment_status",
|
|
1934
|
+
columns: ["tenantId", "target", "environment", "status"]
|
|
1935
|
+
},
|
|
1936
|
+
{
|
|
1937
|
+
kind: "index",
|
|
1938
|
+
name: "by_tenant_workspace_target_environment_status",
|
|
1939
|
+
columns: ["tenantId", "workspaceId", "target", "environment", "status"]
|
|
1940
|
+
},
|
|
1858
1941
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1859
1942
|
]
|
|
1860
1943
|
});
|
|
1944
|
+
defineTable({
|
|
1945
|
+
name: "permitSyncStates",
|
|
1946
|
+
component: "mc",
|
|
1947
|
+
category: "runtime",
|
|
1948
|
+
shape: z.object({
|
|
1949
|
+
syncKey: z.string(),
|
|
1950
|
+
objectType: z.enum([
|
|
1951
|
+
"resource",
|
|
1952
|
+
"role",
|
|
1953
|
+
"resource_role",
|
|
1954
|
+
"resource_relation",
|
|
1955
|
+
"tenant",
|
|
1956
|
+
"workspace",
|
|
1957
|
+
"principal",
|
|
1958
|
+
"membership",
|
|
1959
|
+
"group",
|
|
1960
|
+
"resource_instance",
|
|
1961
|
+
"relationship_tuple",
|
|
1962
|
+
"role_assignment"
|
|
1963
|
+
]),
|
|
1964
|
+
objectId: z.string(),
|
|
1965
|
+
tenantId: idOf("tenants").optional(),
|
|
1966
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1967
|
+
principalId: z.string().optional(),
|
|
1968
|
+
permitTenantKey: z.string().optional(),
|
|
1969
|
+
permitResourceType: z.string().optional(),
|
|
1970
|
+
permitResourceKey: z.string().optional(),
|
|
1971
|
+
desiredPayload: z.record(z.any()),
|
|
1972
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
1973
|
+
status: z.enum(["pending", "synced", "error", "skipped"]),
|
|
1974
|
+
attemptCount: z.number(),
|
|
1975
|
+
lastError: z.string().optional(),
|
|
1976
|
+
nextAttemptAt: z.number().optional(),
|
|
1977
|
+
lastSyncedAt: z.number().optional(),
|
|
1978
|
+
createdBy: z.string(),
|
|
1979
|
+
updatedBy: z.string().optional(),
|
|
1980
|
+
createdAt: z.number(),
|
|
1981
|
+
updatedAt: z.number()
|
|
1982
|
+
}),
|
|
1983
|
+
indices: [
|
|
1984
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
1985
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1986
|
+
{
|
|
1987
|
+
kind: "index",
|
|
1988
|
+
name: "by_tenant_status",
|
|
1989
|
+
columns: ["tenantId", "status"]
|
|
1990
|
+
},
|
|
1991
|
+
{
|
|
1992
|
+
kind: "index",
|
|
1993
|
+
name: "by_workspace_status",
|
|
1994
|
+
columns: ["workspaceId", "status"]
|
|
1995
|
+
},
|
|
1996
|
+
{
|
|
1997
|
+
kind: "index",
|
|
1998
|
+
name: "by_principal_status",
|
|
1999
|
+
columns: ["principalId", "status"]
|
|
2000
|
+
}
|
|
2001
|
+
]
|
|
2002
|
+
});
|
|
2003
|
+
defineTable({
|
|
2004
|
+
name: "secretSyncDriftReports",
|
|
2005
|
+
component: "mc",
|
|
2006
|
+
category: "runtime",
|
|
2007
|
+
shape: z.object({
|
|
2008
|
+
reportId: z.string(),
|
|
2009
|
+
source: z.enum(["infisical_manifest", "manual", "ci"]),
|
|
2010
|
+
generatedAt: z.number(),
|
|
2011
|
+
recordedAt: z.number(),
|
|
2012
|
+
recordedBy: z.string(),
|
|
2013
|
+
status: z.enum([
|
|
2014
|
+
"in_sync",
|
|
2015
|
+
"drift",
|
|
2016
|
+
"exception",
|
|
2017
|
+
"blocked",
|
|
2018
|
+
"not_observed"
|
|
2019
|
+
]),
|
|
2020
|
+
reportHash: z.string(),
|
|
2021
|
+
manifestHash: z.string().optional(),
|
|
2022
|
+
dryRunReceiptId: z.string().optional(),
|
|
2023
|
+
appliedReceiptId: z.string().optional(),
|
|
2024
|
+
summary: z.object({
|
|
2025
|
+
totalPipelines: z.number(),
|
|
2026
|
+
inSync: z.number(),
|
|
2027
|
+
drift: z.number(),
|
|
2028
|
+
exception: z.number(),
|
|
2029
|
+
blocked: z.number(),
|
|
2030
|
+
notObserved: z.number(),
|
|
2031
|
+
missingKeys: z.number(),
|
|
2032
|
+
valueDriftKeys: z.number(),
|
|
2033
|
+
extraKeys: z.number(),
|
|
2034
|
+
deniedConvexLeakage: z.number(),
|
|
2035
|
+
approvedExceptions: z.number()
|
|
2036
|
+
}),
|
|
2037
|
+
redactedReport: z.record(z.any()),
|
|
2038
|
+
metadata: z.record(z.any()).optional()
|
|
2039
|
+
}),
|
|
2040
|
+
indices: [
|
|
2041
|
+
{ kind: "index", name: "by_reportId", columns: ["reportId"] },
|
|
2042
|
+
{ kind: "index", name: "by_reportHash", columns: ["reportHash"] },
|
|
2043
|
+
{ kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
|
|
2044
|
+
{
|
|
2045
|
+
kind: "index",
|
|
2046
|
+
name: "by_status_generatedAt",
|
|
2047
|
+
columns: ["status", "generatedAt"]
|
|
2048
|
+
}
|
|
2049
|
+
]
|
|
2050
|
+
});
|
|
1861
2051
|
defineTable({
|
|
1862
2052
|
name: "controlPlaneTenantModelSlotBindings",
|
|
1863
2053
|
component: "mc",
|
|
1864
2054
|
category: "runtime",
|
|
1865
2055
|
shape: z.object({
|
|
1866
|
-
|
|
1867
|
-
|
|
1868
|
-
"
|
|
1869
|
-
|
|
1870
|
-
|
|
1871
|
-
|
|
1872
|
-
|
|
1873
|
-
|
|
1874
|
-
|
|
1875
|
-
|
|
1876
|
-
|
|
1877
|
-
|
|
1878
|
-
|
|
2056
|
+
bindingId: z.string(),
|
|
2057
|
+
tenantId: idOf("tenants"),
|
|
2058
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2059
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
2060
|
+
providerId: z.string(),
|
|
2061
|
+
modelSlotId: z.string(),
|
|
2062
|
+
secretRef: z.string(),
|
|
2063
|
+
status: z.enum(["active", "revoked"]),
|
|
2064
|
+
passThroughOnly: z.boolean(),
|
|
2065
|
+
revokedAt: z.number().optional(),
|
|
2066
|
+
revokedBy: z.string().optional(),
|
|
2067
|
+
metadata: z.record(z.any()).optional(),
|
|
2068
|
+
createdBy: z.string(),
|
|
2069
|
+
createdAt: z.number(),
|
|
2070
|
+
updatedAt: z.number()
|
|
1879
2071
|
}),
|
|
1880
2072
|
indices: [
|
|
1881
2073
|
{ kind: "index", name: "by_bindingId", columns: ["bindingId"] },
|
|
1882
2074
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1883
|
-
{
|
|
1884
|
-
|
|
2075
|
+
{
|
|
2076
|
+
kind: "index",
|
|
2077
|
+
name: "by_tenant_slot",
|
|
2078
|
+
columns: ["tenantId", "modelSlotId"]
|
|
2079
|
+
},
|
|
2080
|
+
{
|
|
2081
|
+
kind: "index",
|
|
2082
|
+
name: "by_tenant_provider_slot",
|
|
2083
|
+
columns: ["tenantId", "providerId", "modelSlotId"]
|
|
2084
|
+
},
|
|
1885
2085
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1886
2086
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1887
2087
|
]
|
|
@@ -1891,29 +2091,42 @@ defineTable({
|
|
|
1891
2091
|
component: "mc",
|
|
1892
2092
|
category: "runtime",
|
|
1893
2093
|
shape: z.object({
|
|
1894
|
-
|
|
1895
|
-
|
|
1896
|
-
"
|
|
1897
|
-
|
|
1898
|
-
|
|
1899
|
-
|
|
1900
|
-
|
|
1901
|
-
|
|
1902
|
-
|
|
1903
|
-
|
|
1904
|
-
|
|
1905
|
-
|
|
1906
|
-
|
|
1907
|
-
|
|
1908
|
-
|
|
1909
|
-
|
|
1910
|
-
|
|
2094
|
+
secretRef: z.string(),
|
|
2095
|
+
tenantId: idOf("tenants"),
|
|
2096
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2097
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
2098
|
+
providerId: z.string(),
|
|
2099
|
+
label: z.string().optional(),
|
|
2100
|
+
encryptedSecret: z.string().optional(),
|
|
2101
|
+
infisicalPath: z.string().optional(),
|
|
2102
|
+
infisicalSecretKey: z.string().optional(),
|
|
2103
|
+
infisicalProjectId: z.string().optional(),
|
|
2104
|
+
encryptionVersion: z.string(),
|
|
2105
|
+
secretFingerprint: z.string(),
|
|
2106
|
+
keyHint: z.string(),
|
|
2107
|
+
status: z.enum(["active", "revoked"]),
|
|
2108
|
+
rotatedFromSecretRef: z.string().optional(),
|
|
2109
|
+
revokedAt: z.number().optional(),
|
|
2110
|
+
revokedBy: z.string().optional(),
|
|
2111
|
+
lastUsedAt: z.number().optional(),
|
|
2112
|
+
metadata: z.record(z.any()).optional(),
|
|
2113
|
+
createdBy: z.string(),
|
|
2114
|
+
createdAt: z.number(),
|
|
2115
|
+
updatedAt: z.number()
|
|
1911
2116
|
}),
|
|
1912
2117
|
indices: [
|
|
1913
2118
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1914
2119
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1915
|
-
{
|
|
1916
|
-
|
|
2120
|
+
{
|
|
2121
|
+
kind: "index",
|
|
2122
|
+
name: "by_tenant_provider",
|
|
2123
|
+
columns: ["tenantId", "providerId"]
|
|
2124
|
+
},
|
|
2125
|
+
{
|
|
2126
|
+
kind: "index",
|
|
2127
|
+
name: "by_tenant_provider_status",
|
|
2128
|
+
columns: ["tenantId", "providerId", "status"]
|
|
2129
|
+
},
|
|
1917
2130
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1918
2131
|
]
|
|
1919
2132
|
});
|
|
@@ -1922,35 +2135,93 @@ defineTable({
|
|
|
1922
2135
|
component: "mc",
|
|
1923
2136
|
category: "runtime",
|
|
1924
2137
|
shape: z.object({
|
|
1925
|
-
|
|
1926
|
-
|
|
1927
|
-
|
|
1928
|
-
|
|
1929
|
-
|
|
1930
|
-
|
|
1931
|
-
|
|
1932
|
-
|
|
1933
|
-
|
|
1934
|
-
|
|
1935
|
-
|
|
1936
|
-
|
|
1937
|
-
|
|
1938
|
-
|
|
1939
|
-
|
|
1940
|
-
|
|
1941
|
-
|
|
1942
|
-
|
|
1943
|
-
|
|
1944
|
-
|
|
1945
|
-
|
|
1946
|
-
|
|
2138
|
+
usageId: z.string(),
|
|
2139
|
+
tenantId: idOf("tenants"),
|
|
2140
|
+
providerId: z.string(),
|
|
2141
|
+
modelSlotId: z.string(),
|
|
2142
|
+
secretRef: z.string(),
|
|
2143
|
+
proxyTokenId: z.string(),
|
|
2144
|
+
sessionId: z.string(),
|
|
2145
|
+
principalId: z.string(),
|
|
2146
|
+
workspaceId: z.string().optional(),
|
|
2147
|
+
modelId: z.string().optional(),
|
|
2148
|
+
requestPath: z.string(),
|
|
2149
|
+
status: z.enum(["success", "error"]),
|
|
2150
|
+
responseStatus: z.number().optional(),
|
|
2151
|
+
inputTokens: z.number().optional(),
|
|
2152
|
+
outputTokens: z.number().optional(),
|
|
2153
|
+
tokenCount: z.number().optional(),
|
|
2154
|
+
latencyMs: z.number(),
|
|
2155
|
+
estimatedCostUsd: z.number().optional(),
|
|
2156
|
+
failureCode: z.string().optional(),
|
|
2157
|
+
metadata: z.record(z.any()).optional(),
|
|
2158
|
+
createdAt: z.number(),
|
|
2159
|
+
updatedAt: z.number()
|
|
1947
2160
|
}),
|
|
1948
2161
|
indices: [
|
|
1949
2162
|
{ kind: "index", name: "by_usageId", columns: ["usageId"] },
|
|
1950
2163
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
1951
|
-
{
|
|
1952
|
-
|
|
1953
|
-
|
|
2164
|
+
{
|
|
2165
|
+
kind: "index",
|
|
2166
|
+
name: "by_tenant_provider",
|
|
2167
|
+
columns: ["tenantId", "providerId", "createdAt"]
|
|
2168
|
+
},
|
|
2169
|
+
{
|
|
2170
|
+
kind: "index",
|
|
2171
|
+
name: "by_proxyTokenId",
|
|
2172
|
+
columns: ["proxyTokenId", "createdAt"]
|
|
2173
|
+
},
|
|
2174
|
+
{
|
|
2175
|
+
kind: "index",
|
|
2176
|
+
name: "by_sessionId",
|
|
2177
|
+
columns: ["sessionId", "createdAt"]
|
|
2178
|
+
}
|
|
2179
|
+
]
|
|
2180
|
+
});
|
|
2181
|
+
defineTable({
|
|
2182
|
+
name: "controlPlaneTenantProxyTokenLeases",
|
|
2183
|
+
component: "mc",
|
|
2184
|
+
category: "runtime",
|
|
2185
|
+
shape: z.object({
|
|
2186
|
+
leaseId: z.string(),
|
|
2187
|
+
proxyTokenId: z.string(),
|
|
2188
|
+
tenantId: idOf("tenants"),
|
|
2189
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2190
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
2191
|
+
providerId: z.string(),
|
|
2192
|
+
modelSlotId: z.string(),
|
|
2193
|
+
bindingId: z.string(),
|
|
2194
|
+
secretRef: z.string(),
|
|
2195
|
+
sessionId: z.string(),
|
|
2196
|
+
principalId: z.string(),
|
|
2197
|
+
agentSessionId: z.string().optional(),
|
|
2198
|
+
status: z.enum(["active", "revoked"]),
|
|
2199
|
+
expiresAt: z.number(),
|
|
2200
|
+
renewedAt: z.number().optional(),
|
|
2201
|
+
revokedAt: z.number().optional(),
|
|
2202
|
+
revokedBy: z.string().optional(),
|
|
2203
|
+
revokeReason: z.string().optional(),
|
|
2204
|
+
permitDecisionLogId: idOf("policyDecisionLogs").optional(),
|
|
2205
|
+
permitTraceId: z.string().optional(),
|
|
2206
|
+
metadata: z.record(z.any()).optional(),
|
|
2207
|
+
createdAt: z.number(),
|
|
2208
|
+
updatedAt: z.number()
|
|
2209
|
+
}),
|
|
2210
|
+
indices: [
|
|
2211
|
+
{ kind: "index", name: "by_leaseId", columns: ["leaseId"] },
|
|
2212
|
+
{ kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
|
|
2213
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
2214
|
+
{ kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
|
|
2215
|
+
{
|
|
2216
|
+
kind: "index",
|
|
2217
|
+
name: "by_principalId",
|
|
2218
|
+
columns: ["principalId", "createdAt"]
|
|
2219
|
+
},
|
|
2220
|
+
{
|
|
2221
|
+
kind: "index",
|
|
2222
|
+
name: "by_status_expiresAt",
|
|
2223
|
+
columns: ["status", "expiresAt"]
|
|
2224
|
+
}
|
|
1954
2225
|
]
|
|
1955
2226
|
});
|
|
1956
2227
|
defineTable({
|
|
@@ -2283,6 +2554,7 @@ defineTable({
|
|
|
2283
2554
|
"questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
|
|
2284
2555
|
"questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
|
|
2285
2556
|
"answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
|
|
2557
|
+
"themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
|
|
2286
2558
|
"themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
|
|
2287
2559
|
"decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
|
|
2288
2560
|
"decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
|
|
@@ -2433,6 +2705,7 @@ defineTable({
|
|
|
2433
2705
|
indices: [
|
|
2434
2706
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2435
2707
|
{ kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
|
|
2708
|
+
{ kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
|
|
2436
2709
|
{ kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
|
|
2437
2710
|
{ kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
|
|
2438
2711
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
@@ -2464,6 +2737,36 @@ defineTable({
|
|
|
2464
2737
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
2465
2738
|
]
|
|
2466
2739
|
});
|
|
2740
|
+
defineTable({
|
|
2741
|
+
name: "principalIdentityAliases",
|
|
2742
|
+
component: "mc",
|
|
2743
|
+
category: "identity",
|
|
2744
|
+
shape: z.object({
|
|
2745
|
+
"principalId": z.string(),
|
|
2746
|
+
"principalRefId": idOf("principals").optional(),
|
|
2747
|
+
"provider": z.string(),
|
|
2748
|
+
"providerProjectId": z.string().optional(),
|
|
2749
|
+
"externalSubjectId": z.string(),
|
|
2750
|
+
"tenantId": idOf("tenants").optional(),
|
|
2751
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
2752
|
+
"email": z.string().optional(),
|
|
2753
|
+
"status": z.enum(["active", "revoked"]),
|
|
2754
|
+
"metadata": z.record(z.any()).optional(),
|
|
2755
|
+
"createdBy": z.string(),
|
|
2756
|
+
"revokedAt": z.number().optional(),
|
|
2757
|
+
"revokedBy": z.string().optional(),
|
|
2758
|
+
"createdAt": z.number(),
|
|
2759
|
+
"updatedAt": z.number()
|
|
2760
|
+
}),
|
|
2761
|
+
indices: [
|
|
2762
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
|
|
2763
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
|
|
2764
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2765
|
+
{ kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
|
|
2766
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
|
|
2767
|
+
{ kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
|
|
2768
|
+
]
|
|
2769
|
+
});
|
|
2467
2770
|
defineTable({
|
|
2468
2771
|
name: "rateLimitWindows",
|
|
2469
2772
|
component: "mc",
|
|
@@ -3053,7 +3356,7 @@ defineTable({
|
|
|
3053
3356
|
});
|
|
3054
3357
|
defineTable({
|
|
3055
3358
|
name: "mcpWritePolicy",
|
|
3056
|
-
component: "
|
|
3359
|
+
component: "control-plane",
|
|
3057
3360
|
category: "platform",
|
|
3058
3361
|
shape: z.object({
|
|
3059
3362
|
"topicId": z.string().optional(),
|
|
@@ -3076,7 +3379,7 @@ defineTable({
|
|
|
3076
3379
|
});
|
|
3077
3380
|
defineTable({
|
|
3078
3381
|
name: "platformAudienceGrants",
|
|
3079
|
-
component: "
|
|
3382
|
+
component: "control-plane",
|
|
3080
3383
|
category: "platform",
|
|
3081
3384
|
shape: z.object({
|
|
3082
3385
|
"tenantId": z.string(),
|
|
@@ -3102,7 +3405,7 @@ defineTable({
|
|
|
3102
3405
|
});
|
|
3103
3406
|
defineTable({
|
|
3104
3407
|
name: "platformAudiences",
|
|
3105
|
-
component: "
|
|
3408
|
+
component: "control-plane",
|
|
3106
3409
|
category: "platform",
|
|
3107
3410
|
shape: z.object({
|
|
3108
3411
|
"tenantId": z.string(),
|
|
@@ -3127,7 +3430,7 @@ defineTable({
|
|
|
3127
3430
|
});
|
|
3128
3431
|
defineTable({
|
|
3129
3432
|
name: "platformPolicyDecisionLogs",
|
|
3130
|
-
component: "
|
|
3433
|
+
component: "control-plane",
|
|
3131
3434
|
category: "platform",
|
|
3132
3435
|
shape: z.object({
|
|
3133
3436
|
"principalId": z.string(),
|
|
@@ -3163,7 +3466,7 @@ defineTable({
|
|
|
3163
3466
|
});
|
|
3164
3467
|
defineTable({
|
|
3165
3468
|
name: "tenantApiKeys",
|
|
3166
|
-
component: "
|
|
3469
|
+
component: "control-plane",
|
|
3167
3470
|
category: "platform",
|
|
3168
3471
|
shape: z.object({
|
|
3169
3472
|
"tenantId": z.string(),
|
|
@@ -3190,7 +3493,7 @@ defineTable({
|
|
|
3190
3493
|
});
|
|
3191
3494
|
defineTable({
|
|
3192
3495
|
name: "tenantConfig",
|
|
3193
|
-
component: "
|
|
3496
|
+
component: "control-plane",
|
|
3194
3497
|
category: "platform",
|
|
3195
3498
|
shape: z.object({
|
|
3196
3499
|
"tenantId": z.string(),
|
|
@@ -3209,7 +3512,7 @@ defineTable({
|
|
|
3209
3512
|
});
|
|
3210
3513
|
defineTable({
|
|
3211
3514
|
name: "tenantIntegrations",
|
|
3212
|
-
component: "
|
|
3515
|
+
component: "control-plane",
|
|
3213
3516
|
category: "platform",
|
|
3214
3517
|
shape: z.object({
|
|
3215
3518
|
"tenantId": z.string(),
|
|
@@ -3264,7 +3567,7 @@ defineTable({
|
|
|
3264
3567
|
});
|
|
3265
3568
|
defineTable({
|
|
3266
3569
|
name: "tenantModelSlotBindings",
|
|
3267
|
-
component: "
|
|
3570
|
+
component: "control-plane",
|
|
3268
3571
|
category: "platform",
|
|
3269
3572
|
shape: z.object({
|
|
3270
3573
|
"bindingId": z.string(),
|
|
@@ -3292,7 +3595,7 @@ defineTable({
|
|
|
3292
3595
|
});
|
|
3293
3596
|
defineTable({
|
|
3294
3597
|
name: "tenantPolicies",
|
|
3295
|
-
component: "
|
|
3598
|
+
component: "control-plane",
|
|
3296
3599
|
category: "platform",
|
|
3297
3600
|
shape: z.object({
|
|
3298
3601
|
"tenantId": z.string(),
|
|
@@ -3317,7 +3620,7 @@ defineTable({
|
|
|
3317
3620
|
});
|
|
3318
3621
|
defineTable({
|
|
3319
3622
|
name: "tenantProviderSecrets",
|
|
3320
|
-
component: "
|
|
3623
|
+
component: "control-plane",
|
|
3321
3624
|
category: "platform",
|
|
3322
3625
|
shape: z.object({
|
|
3323
3626
|
"secretRef": z.string(),
|
|
@@ -3348,7 +3651,7 @@ defineTable({
|
|
|
3348
3651
|
});
|
|
3349
3652
|
defineTable({
|
|
3350
3653
|
name: "tenantProxyGatewayUsage",
|
|
3351
|
-
component: "
|
|
3654
|
+
component: "control-plane",
|
|
3352
3655
|
category: "platform",
|
|
3353
3656
|
shape: z.object({
|
|
3354
3657
|
"usageId": z.string(),
|
|
@@ -3383,7 +3686,7 @@ defineTable({
|
|
|
3383
3686
|
});
|
|
3384
3687
|
defineTable({
|
|
3385
3688
|
name: "tenantProxyTokenMints",
|
|
3386
|
-
component: "
|
|
3689
|
+
component: "control-plane",
|
|
3387
3690
|
category: "platform",
|
|
3388
3691
|
shape: z.object({
|
|
3389
3692
|
"proxyTokenId": z.string(),
|
|
@@ -3406,7 +3709,7 @@ defineTable({
|
|
|
3406
3709
|
});
|
|
3407
3710
|
defineTable({
|
|
3408
3711
|
name: "tenantSandboxAuditEvents",
|
|
3409
|
-
component: "
|
|
3712
|
+
component: "control-plane",
|
|
3410
3713
|
category: "platform",
|
|
3411
3714
|
shape: z.object({
|
|
3412
3715
|
"eventId": z.string(),
|
|
@@ -3440,7 +3743,7 @@ defineTable({
|
|
|
3440
3743
|
});
|
|
3441
3744
|
defineTable({
|
|
3442
3745
|
name: "tenantSecrets",
|
|
3443
|
-
component: "
|
|
3746
|
+
component: "control-plane",
|
|
3444
3747
|
category: "platform",
|
|
3445
3748
|
shape: z.object({
|
|
3446
3749
|
"tenantId": z.string(),
|
|
@@ -3462,7 +3765,7 @@ defineTable({
|
|
|
3462
3765
|
});
|
|
3463
3766
|
defineTable({
|
|
3464
3767
|
name: "toolAcls",
|
|
3465
|
-
component: "
|
|
3768
|
+
component: "control-plane",
|
|
3466
3769
|
category: "platform",
|
|
3467
3770
|
shape: z.object({
|
|
3468
3771
|
"role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
|
|
@@ -3477,7 +3780,7 @@ defineTable({
|
|
|
3477
3780
|
});
|
|
3478
3781
|
defineTable({
|
|
3479
3782
|
name: "toolRegistry",
|
|
3480
|
-
component: "
|
|
3783
|
+
component: "control-plane",
|
|
3481
3784
|
category: "platform",
|
|
3482
3785
|
shape: z.object({
|
|
3483
3786
|
"toolName": z.string(),
|
|
@@ -3558,7 +3861,7 @@ defineTable({
|
|
|
3558
3861
|
});
|
|
3559
3862
|
defineTable({
|
|
3560
3863
|
name: "modelCallLogs",
|
|
3561
|
-
component: "
|
|
3864
|
+
component: "control-plane",
|
|
3562
3865
|
category: "model",
|
|
3563
3866
|
shape: z.object({
|
|
3564
3867
|
"slot": z.string(),
|
|
@@ -3584,7 +3887,7 @@ defineTable({
|
|
|
3584
3887
|
});
|
|
3585
3888
|
defineTable({
|
|
3586
3889
|
name: "modelFunctionSlots",
|
|
3587
|
-
component: "
|
|
3890
|
+
component: "control-plane",
|
|
3588
3891
|
category: "model",
|
|
3589
3892
|
shape: z.object({
|
|
3590
3893
|
"slot": z.string(),
|
|
@@ -3609,7 +3912,7 @@ defineTable({
|
|
|
3609
3912
|
});
|
|
3610
3913
|
defineTable({
|
|
3611
3914
|
name: "modelRegistry",
|
|
3612
|
-
component: "
|
|
3915
|
+
component: "control-plane",
|
|
3613
3916
|
category: "model",
|
|
3614
3917
|
shape: z.object({
|
|
3615
3918
|
"key": z.string(),
|
|
@@ -3636,7 +3939,7 @@ defineTable({
|
|
|
3636
3939
|
});
|
|
3637
3940
|
defineTable({
|
|
3638
3941
|
name: "modelSlotConfigs",
|
|
3639
|
-
component: "
|
|
3942
|
+
component: "control-plane",
|
|
3640
3943
|
category: "model",
|
|
3641
3944
|
shape: z.object({
|
|
3642
3945
|
"slot": z.string(),
|
|
@@ -4023,7 +4326,7 @@ defineTable({
|
|
|
4023
4326
|
"workspaceId": idOf("workspaces").optional(),
|
|
4024
4327
|
"resourceType": z.string(),
|
|
4025
4328
|
"resourceId": z.string(),
|
|
4026
|
-
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
|
|
4329
|
+
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
|
|
4027
4330
|
"decision": z.enum(["allow", "deny"]),
|
|
4028
4331
|
"reasonCode": z.string(),
|
|
4029
4332
|
"policyVersion": z.string(),
|
|
@@ -4085,7 +4388,7 @@ defineTable({
|
|
|
4085
4388
|
});
|
|
4086
4389
|
defineTable({
|
|
4087
4390
|
name: "projectGrants",
|
|
4088
|
-
component: "
|
|
4391
|
+
component: "control-plane",
|
|
4089
4392
|
category: "project",
|
|
4090
4393
|
shape: z.object({
|
|
4091
4394
|
"projectId": z.string().optional(),
|
|
@@ -4117,91 +4420,735 @@ defineTable({
|
|
|
4117
4420
|
{ kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
|
|
4118
4421
|
]
|
|
4119
4422
|
});
|
|
4423
|
+
var permitActorType = z.enum([
|
|
4424
|
+
"human",
|
|
4425
|
+
"agent",
|
|
4426
|
+
"service_principal",
|
|
4427
|
+
"external_stakeholder",
|
|
4428
|
+
"system"
|
|
4429
|
+
]);
|
|
4430
|
+
var permitMembershipStatus = z.enum([
|
|
4431
|
+
"active",
|
|
4432
|
+
"invited",
|
|
4433
|
+
"revoked",
|
|
4434
|
+
"suspended",
|
|
4435
|
+
"disabled"
|
|
4436
|
+
]);
|
|
4437
|
+
var permitDecision = z.enum(["allow", "deny"]);
|
|
4438
|
+
var permitAccessReviewStatus = z.enum([
|
|
4439
|
+
"open",
|
|
4440
|
+
"in_progress",
|
|
4441
|
+
"approved",
|
|
4442
|
+
"denied",
|
|
4443
|
+
"expired",
|
|
4444
|
+
"cancelled"
|
|
4445
|
+
]);
|
|
4446
|
+
var permitReviewScope = z.enum([
|
|
4447
|
+
"tenant",
|
|
4448
|
+
"workspace",
|
|
4449
|
+
"resource_instance",
|
|
4450
|
+
"group",
|
|
4451
|
+
"principal",
|
|
4452
|
+
"api_key",
|
|
4453
|
+
"admin_action"
|
|
4454
|
+
]);
|
|
4455
|
+
var permitRecordStatus = z.enum([
|
|
4456
|
+
"queued",
|
|
4457
|
+
"inflight",
|
|
4458
|
+
"completed",
|
|
4459
|
+
"failed",
|
|
4460
|
+
"skipped",
|
|
4461
|
+
"stale"
|
|
4462
|
+
]);
|
|
4463
|
+
var permitObjectType = z.enum([
|
|
4464
|
+
"resource",
|
|
4465
|
+
"role",
|
|
4466
|
+
"resource_role",
|
|
4467
|
+
"resource_relation",
|
|
4468
|
+
"tenant",
|
|
4469
|
+
"workspace",
|
|
4470
|
+
"principal",
|
|
4471
|
+
"membership",
|
|
4472
|
+
"group",
|
|
4473
|
+
"resource_instance",
|
|
4474
|
+
"relationship_tuple",
|
|
4475
|
+
"role_assignment",
|
|
4476
|
+
"attribute_binding",
|
|
4477
|
+
"policy_bundle"
|
|
4478
|
+
]);
|
|
4479
|
+
var permitOutboxOperation = z.enum([
|
|
4480
|
+
"upsert",
|
|
4481
|
+
"delete",
|
|
4482
|
+
"sync",
|
|
4483
|
+
"resync",
|
|
4484
|
+
"delete_sync",
|
|
4485
|
+
"noop"
|
|
4486
|
+
]);
|
|
4487
|
+
var permitPolicyBundleStatus = z.enum([
|
|
4488
|
+
"draft",
|
|
4489
|
+
"validated",
|
|
4490
|
+
"enforced",
|
|
4491
|
+
"archived"
|
|
4492
|
+
]);
|
|
4493
|
+
var permitSyncStatus = z.enum([
|
|
4494
|
+
"pending",
|
|
4495
|
+
"synced",
|
|
4496
|
+
"error",
|
|
4497
|
+
"skipped"
|
|
4498
|
+
]);
|
|
4499
|
+
var permitAccessReviewSubjectType = z.enum([
|
|
4500
|
+
"principal",
|
|
4501
|
+
"group",
|
|
4502
|
+
"role_assignment",
|
|
4503
|
+
"resource_instance"
|
|
4504
|
+
]);
|
|
4505
|
+
var permitAttributeType = z.enum([
|
|
4506
|
+
"string",
|
|
4507
|
+
"number",
|
|
4508
|
+
"bool",
|
|
4509
|
+
"json",
|
|
4510
|
+
"time"
|
|
4511
|
+
]);
|
|
4512
|
+
var permitAttributeOperator = z.enum([
|
|
4513
|
+
"eq",
|
|
4514
|
+
"neq",
|
|
4515
|
+
"in",
|
|
4516
|
+
"not_in",
|
|
4517
|
+
"gt",
|
|
4518
|
+
"gte",
|
|
4519
|
+
"lt",
|
|
4520
|
+
"lte",
|
|
4521
|
+
"contains",
|
|
4522
|
+
"not_contains",
|
|
4523
|
+
"matches"
|
|
4524
|
+
]);
|
|
4525
|
+
var permitRoleBindingTarget = z.enum([
|
|
4526
|
+
"principal",
|
|
4527
|
+
"group"
|
|
4528
|
+
]);
|
|
4120
4529
|
defineTable({
|
|
4121
|
-
name: "
|
|
4122
|
-
component: "
|
|
4123
|
-
category: "
|
|
4530
|
+
name: "permitPrincipals",
|
|
4531
|
+
component: "control-plane",
|
|
4532
|
+
category: "access-control",
|
|
4124
4533
|
shape: z.object({
|
|
4125
|
-
|
|
4126
|
-
|
|
4127
|
-
|
|
4128
|
-
|
|
4129
|
-
|
|
4130
|
-
|
|
4131
|
-
|
|
4132
|
-
|
|
4133
|
-
|
|
4134
|
-
|
|
4135
|
-
|
|
4534
|
+
principalId: z.string(),
|
|
4535
|
+
tenantId: z.string(),
|
|
4536
|
+
workspaceId: z.optional(z.string()),
|
|
4537
|
+
principalType: permitActorType,
|
|
4538
|
+
status: permitMembershipStatus,
|
|
4539
|
+
displayName: z.string().optional(),
|
|
4540
|
+
metadata: z.record(z.any()).optional(),
|
|
4541
|
+
createdBy: z.string(),
|
|
4542
|
+
createdAt: z.number(),
|
|
4543
|
+
updatedAt: z.number(),
|
|
4544
|
+
updatedBy: z.string().optional(),
|
|
4545
|
+
lastSeenAt: z.number().optional()
|
|
4136
4546
|
}),
|
|
4137
4547
|
indices: [
|
|
4138
|
-
{ kind: "index", name: "
|
|
4139
|
-
{ kind: "index", name: "
|
|
4140
|
-
{ kind: "index", name: "
|
|
4141
|
-
{ kind: "index", name: "
|
|
4548
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4549
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4550
|
+
{ kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
|
|
4551
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4552
|
+
{
|
|
4553
|
+
kind: "index",
|
|
4554
|
+
name: "by_tenant_principalType_status",
|
|
4555
|
+
columns: ["tenantId", "principalType", "status"]
|
|
4556
|
+
}
|
|
4142
4557
|
]
|
|
4143
4558
|
});
|
|
4144
4559
|
defineTable({
|
|
4145
|
-
name: "
|
|
4146
|
-
component: "
|
|
4147
|
-
category: "
|
|
4560
|
+
name: "permitPrincipalAliases",
|
|
4561
|
+
component: "control-plane",
|
|
4562
|
+
category: "access-control",
|
|
4148
4563
|
shape: z.object({
|
|
4149
|
-
|
|
4150
|
-
|
|
4151
|
-
|
|
4152
|
-
|
|
4153
|
-
|
|
4154
|
-
|
|
4155
|
-
|
|
4156
|
-
|
|
4157
|
-
|
|
4158
|
-
|
|
4159
|
-
|
|
4160
|
-
|
|
4161
|
-
|
|
4564
|
+
principalId: z.string(),
|
|
4565
|
+
tenantId: z.string(),
|
|
4566
|
+
workspaceId: z.optional(z.string()),
|
|
4567
|
+
provider: z.string(),
|
|
4568
|
+
providerSubjectId: z.string(),
|
|
4569
|
+
providerProjectId: z.string().optional(),
|
|
4570
|
+
alias: z.string(),
|
|
4571
|
+
aliasKind: z.string(),
|
|
4572
|
+
status: permitMembershipStatus,
|
|
4573
|
+
metadata: z.record(z.any()).optional(),
|
|
4574
|
+
createdBy: z.string(),
|
|
4575
|
+
createdAt: z.number(),
|
|
4576
|
+
updatedAt: z.number(),
|
|
4577
|
+
revokedBy: z.string().optional(),
|
|
4578
|
+
revokedAt: z.number().optional(),
|
|
4579
|
+
updatedBy: z.string().optional()
|
|
4162
4580
|
}),
|
|
4163
4581
|
indices: [
|
|
4164
|
-
{ kind: "index", name: "
|
|
4165
|
-
{ kind: "index", name: "
|
|
4166
|
-
{ kind: "index", name: "
|
|
4582
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
4583
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
|
|
4584
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
|
|
4585
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
4586
|
+
{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
|
|
4587
|
+
{
|
|
4588
|
+
kind: "index",
|
|
4589
|
+
name: "by_tenant_provider_alias",
|
|
4590
|
+
columns: ["tenantId", "provider", "alias"]
|
|
4591
|
+
},
|
|
4592
|
+
{ kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
|
|
4593
|
+
{
|
|
4594
|
+
kind: "index",
|
|
4595
|
+
name: "by_tenant_provider_status",
|
|
4596
|
+
columns: ["tenantId", "provider", "status"]
|
|
4597
|
+
}
|
|
4167
4598
|
]
|
|
4168
4599
|
});
|
|
4169
4600
|
defineTable({
|
|
4170
|
-
name: "
|
|
4171
|
-
component: "
|
|
4172
|
-
category: "
|
|
4601
|
+
name: "permitGroups",
|
|
4602
|
+
component: "control-plane",
|
|
4603
|
+
category: "access-control",
|
|
4173
4604
|
shape: z.object({
|
|
4174
|
-
|
|
4175
|
-
|
|
4176
|
-
|
|
4177
|
-
|
|
4178
|
-
|
|
4179
|
-
|
|
4180
|
-
|
|
4181
|
-
|
|
4182
|
-
|
|
4183
|
-
|
|
4184
|
-
|
|
4185
|
-
|
|
4186
|
-
|
|
4187
|
-
|
|
4188
|
-
|
|
4189
|
-
"
|
|
4190
|
-
"
|
|
4191
|
-
"
|
|
4192
|
-
"
|
|
4193
|
-
|
|
4194
|
-
|
|
4195
|
-
|
|
4196
|
-
|
|
4197
|
-
|
|
4198
|
-
|
|
4199
|
-
|
|
4200
|
-
|
|
4201
|
-
|
|
4202
|
-
|
|
4203
|
-
|
|
4204
|
-
|
|
4605
|
+
tenantId: z.string(),
|
|
4606
|
+
workspaceId: z.optional(z.string()),
|
|
4607
|
+
groupId: z.string(),
|
|
4608
|
+
groupKey: z.string(),
|
|
4609
|
+
groupName: z.string(),
|
|
4610
|
+
groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
|
|
4611
|
+
status: permitMembershipStatus,
|
|
4612
|
+
description: z.string().optional(),
|
|
4613
|
+
metadata: z.record(z.any()).optional(),
|
|
4614
|
+
createdBy: z.string(),
|
|
4615
|
+
createdAt: z.number(),
|
|
4616
|
+
updatedAt: z.number(),
|
|
4617
|
+
updatedBy: z.string().optional()
|
|
4618
|
+
}),
|
|
4619
|
+
indices: [
|
|
4620
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4621
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4622
|
+
{ kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
|
|
4623
|
+
{ kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
|
|
4624
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4625
|
+
]
|
|
4626
|
+
});
|
|
4627
|
+
defineTable({
|
|
4628
|
+
name: "permitGroupMemberships",
|
|
4629
|
+
component: "control-plane",
|
|
4630
|
+
category: "access-control",
|
|
4631
|
+
shape: z.object({
|
|
4632
|
+
tenantId: z.string(),
|
|
4633
|
+
workspaceId: z.optional(z.string()),
|
|
4634
|
+
groupId: z.string(),
|
|
4635
|
+
memberType: z.enum(["principal", "group"]),
|
|
4636
|
+
memberId: z.string(),
|
|
4637
|
+
principalId: z.string().optional(),
|
|
4638
|
+
childGroupId: z.string().optional(),
|
|
4639
|
+
status: permitMembershipStatus,
|
|
4640
|
+
addedBy: z.string().optional(),
|
|
4641
|
+
revokedBy: z.string().optional(),
|
|
4642
|
+
expiresAt: z.number().optional(),
|
|
4643
|
+
revocationReason: z.string().optional(),
|
|
4644
|
+
metadata: z.record(z.any()).optional(),
|
|
4645
|
+
createdAt: z.number(),
|
|
4646
|
+
updatedAt: z.number(),
|
|
4647
|
+
updatedBy: z.string().optional()
|
|
4648
|
+
}),
|
|
4649
|
+
indices: [
|
|
4650
|
+
{ kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
|
|
4651
|
+
{ kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
|
|
4652
|
+
{
|
|
4653
|
+
kind: "index",
|
|
4654
|
+
name: "by_tenant_member_group",
|
|
4655
|
+
columns: ["tenantId", "memberType", "memberId", "groupId"]
|
|
4656
|
+
},
|
|
4657
|
+
{ kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
|
|
4658
|
+
{ kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
|
|
4659
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4660
|
+
{
|
|
4661
|
+
kind: "index",
|
|
4662
|
+
name: "by_workspace_principal",
|
|
4663
|
+
columns: ["workspaceId", "principalId"]
|
|
4664
|
+
}
|
|
4665
|
+
]
|
|
4666
|
+
});
|
|
4667
|
+
defineTable({
|
|
4668
|
+
name: "permitResourceInstances",
|
|
4669
|
+
component: "control-plane",
|
|
4670
|
+
category: "access-control",
|
|
4671
|
+
shape: z.object({
|
|
4672
|
+
tenantId: z.string(),
|
|
4673
|
+
workspaceId: z.optional(z.string()),
|
|
4674
|
+
resourceType: z.string(),
|
|
4675
|
+
resourceKey: z.string(),
|
|
4676
|
+
resourceId: z.string(),
|
|
4677
|
+
status: z.enum(["active", "deleted", "archived"]),
|
|
4678
|
+
attributes: z.record(z.any()).optional(),
|
|
4679
|
+
ownerPrincipalId: z.string().optional(),
|
|
4680
|
+
metadata: z.record(z.any()).optional(),
|
|
4681
|
+
createdBy: z.string(),
|
|
4682
|
+
updatedBy: z.string().optional(),
|
|
4683
|
+
createdAt: z.number(),
|
|
4684
|
+
updatedAt: z.number()
|
|
4685
|
+
}),
|
|
4686
|
+
indices: [
|
|
4687
|
+
{
|
|
4688
|
+
kind: "index",
|
|
4689
|
+
name: "by_tenant_resource_type",
|
|
4690
|
+
columns: ["tenantId", "resourceType"]
|
|
4691
|
+
},
|
|
4692
|
+
{
|
|
4693
|
+
kind: "index",
|
|
4694
|
+
name: "by_tenant_resource_key",
|
|
4695
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4696
|
+
},
|
|
4697
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4698
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4699
|
+
{
|
|
4700
|
+
kind: "index",
|
|
4701
|
+
name: "by_tenant_status",
|
|
4702
|
+
columns: ["tenantId", "status"]
|
|
4703
|
+
},
|
|
4704
|
+
{
|
|
4705
|
+
kind: "index",
|
|
4706
|
+
name: "by_ownerPrincipalId",
|
|
4707
|
+
columns: ["ownerPrincipalId"]
|
|
4708
|
+
}
|
|
4709
|
+
]
|
|
4710
|
+
});
|
|
4711
|
+
defineTable({
|
|
4712
|
+
name: "permitRoleAssignments",
|
|
4713
|
+
component: "control-plane",
|
|
4714
|
+
category: "access-control",
|
|
4715
|
+
shape: z.object({
|
|
4716
|
+
tenantId: z.string(),
|
|
4717
|
+
workspaceId: z.optional(z.string()),
|
|
4718
|
+
role: z.string(),
|
|
4719
|
+
targetType: permitRoleBindingTarget,
|
|
4720
|
+
targetId: z.string(),
|
|
4721
|
+
resourceType: z.string(),
|
|
4722
|
+
resourceKey: z.string(),
|
|
4723
|
+
resourceInstanceId: z.string().optional(),
|
|
4724
|
+
status: permitMembershipStatus,
|
|
4725
|
+
expiresAt: z.number().optional(),
|
|
4726
|
+
attributes: z.record(z.any()).optional(),
|
|
4727
|
+
grantedBy: z.string().optional(),
|
|
4728
|
+
updatedBy: z.string().optional(),
|
|
4729
|
+
revokedBy: z.string().optional(),
|
|
4730
|
+
createdAt: z.number(),
|
|
4731
|
+
updatedAt: z.number()
|
|
4732
|
+
}),
|
|
4733
|
+
indices: [
|
|
4734
|
+
{
|
|
4735
|
+
kind: "index",
|
|
4736
|
+
name: "by_tenant_target",
|
|
4737
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4738
|
+
},
|
|
4739
|
+
{
|
|
4740
|
+
kind: "index",
|
|
4741
|
+
name: "by_tenant_resource",
|
|
4742
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4743
|
+
},
|
|
4744
|
+
{
|
|
4745
|
+
kind: "index",
|
|
4746
|
+
name: "by_tenant_role",
|
|
4747
|
+
columns: ["tenantId", "role", "status"]
|
|
4748
|
+
},
|
|
4749
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4750
|
+
{
|
|
4751
|
+
kind: "index",
|
|
4752
|
+
name: "by_workspace_resource",
|
|
4753
|
+
columns: ["workspaceId", "resourceType", "resourceKey"]
|
|
4754
|
+
}
|
|
4755
|
+
]
|
|
4756
|
+
});
|
|
4757
|
+
defineTable({
|
|
4758
|
+
name: "permitRelationshipTuples",
|
|
4759
|
+
component: "control-plane",
|
|
4760
|
+
category: "access-control",
|
|
4761
|
+
shape: z.object({
|
|
4762
|
+
tenantId: z.string(),
|
|
4763
|
+
workspaceId: z.optional(z.string()),
|
|
4764
|
+
relation: z.string(),
|
|
4765
|
+
subject: z.string(),
|
|
4766
|
+
object: z.string(),
|
|
4767
|
+
resourceType: z.string().optional(),
|
|
4768
|
+
resourceKey: z.string().optional(),
|
|
4769
|
+
status: permitRecordStatus,
|
|
4770
|
+
attributes: z.record(z.any()).optional(),
|
|
4771
|
+
createdBy: z.string(),
|
|
4772
|
+
createdAt: z.number(),
|
|
4773
|
+
updatedAt: z.number(),
|
|
4774
|
+
lastSeenAt: z.number().optional(),
|
|
4775
|
+
updatedBy: z.string().optional()
|
|
4776
|
+
}),
|
|
4777
|
+
indices: [
|
|
4778
|
+
{ kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
|
|
4779
|
+
{ kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
|
|
4780
|
+
{ kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
|
|
4781
|
+
{
|
|
4782
|
+
kind: "index",
|
|
4783
|
+
name: "by_tenant_relation_subject",
|
|
4784
|
+
columns: ["tenantId", "relation", "subject"]
|
|
4785
|
+
},
|
|
4786
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4787
|
+
]
|
|
4788
|
+
});
|
|
4789
|
+
defineTable({
|
|
4790
|
+
name: "permitAttributeBindings",
|
|
4791
|
+
component: "control-plane",
|
|
4792
|
+
category: "access-control",
|
|
4793
|
+
shape: z.object({
|
|
4794
|
+
tenantId: z.string(),
|
|
4795
|
+
workspaceId: z.optional(z.string()),
|
|
4796
|
+
targetType: permitRoleBindingTarget,
|
|
4797
|
+
targetId: z.string(),
|
|
4798
|
+
attributeName: z.string(),
|
|
4799
|
+
attributeType: permitAttributeType,
|
|
4800
|
+
attributeOperator: permitAttributeOperator,
|
|
4801
|
+
attributeValue: z.any(),
|
|
4802
|
+
status: permitRecordStatus,
|
|
4803
|
+
source: z.string().optional(),
|
|
4804
|
+
sourceRef: z.string().optional(),
|
|
4805
|
+
metadata: z.record(z.any()).optional(),
|
|
4806
|
+
createdAt: z.number(),
|
|
4807
|
+
updatedAt: z.number(),
|
|
4808
|
+
createdBy: z.string(),
|
|
4809
|
+
updatedBy: z.string().optional(),
|
|
4810
|
+
expiresAt: z.number().optional()
|
|
4811
|
+
}),
|
|
4812
|
+
indices: [
|
|
4813
|
+
{
|
|
4814
|
+
kind: "index",
|
|
4815
|
+
name: "by_tenant_target",
|
|
4816
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4817
|
+
},
|
|
4818
|
+
{
|
|
4819
|
+
kind: "index",
|
|
4820
|
+
name: "by_tenant_target_attribute",
|
|
4821
|
+
columns: ["tenantId", "targetType", "targetId", "attributeName"]
|
|
4822
|
+
},
|
|
4823
|
+
{
|
|
4824
|
+
kind: "index",
|
|
4825
|
+
name: "by_tenant_name",
|
|
4826
|
+
columns: ["tenantId", "attributeName"]
|
|
4827
|
+
},
|
|
4828
|
+
{
|
|
4829
|
+
kind: "index",
|
|
4830
|
+
name: "by_tenant_status",
|
|
4831
|
+
columns: ["tenantId", "status"]
|
|
4832
|
+
}
|
|
4833
|
+
]
|
|
4834
|
+
});
|
|
4835
|
+
defineTable({
|
|
4836
|
+
name: "permitPolicyBundles",
|
|
4837
|
+
component: "control-plane",
|
|
4838
|
+
category: "access-control",
|
|
4839
|
+
shape: z.object({
|
|
4840
|
+
tenantId: z.string(),
|
|
4841
|
+
workspaceId: z.optional(z.string()),
|
|
4842
|
+
bundleKey: z.string(),
|
|
4843
|
+
version: z.number(),
|
|
4844
|
+
status: permitPolicyBundleStatus,
|
|
4845
|
+
policyHash: z.string().optional(),
|
|
4846
|
+
policyPayload: z.record(z.any()),
|
|
4847
|
+
metadata: z.record(z.any()).optional(),
|
|
4848
|
+
createdBy: z.string(),
|
|
4849
|
+
reviewedBy: z.string().optional(),
|
|
4850
|
+
createdAt: z.number(),
|
|
4851
|
+
updatedAt: z.number(),
|
|
4852
|
+
retiredAt: z.number().optional()
|
|
4853
|
+
}),
|
|
4854
|
+
indices: [
|
|
4855
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4856
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4857
|
+
{
|
|
4858
|
+
kind: "index",
|
|
4859
|
+
name: "by_tenant_bundleKey",
|
|
4860
|
+
columns: ["tenantId", "bundleKey"]
|
|
4861
|
+
},
|
|
4862
|
+
{
|
|
4863
|
+
kind: "index",
|
|
4864
|
+
name: "by_tenant_bundle_version",
|
|
4865
|
+
columns: ["tenantId", "bundleKey", "version"]
|
|
4866
|
+
},
|
|
4867
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4868
|
+
]
|
|
4869
|
+
});
|
|
4870
|
+
defineTable({
|
|
4871
|
+
name: "permitProjectionOutbox",
|
|
4872
|
+
component: "control-plane",
|
|
4873
|
+
category: "access-control",
|
|
4874
|
+
shape: z.object({
|
|
4875
|
+
syncKey: z.string(),
|
|
4876
|
+
objectType: permitObjectType,
|
|
4877
|
+
objectId: z.string(),
|
|
4878
|
+
operation: permitOutboxOperation,
|
|
4879
|
+
payload: z.record(z.any()),
|
|
4880
|
+
status: permitRecordStatus,
|
|
4881
|
+
attemptCount: z.number(),
|
|
4882
|
+
nextAttemptAt: z.number().optional(),
|
|
4883
|
+
lastError: z.string().optional(),
|
|
4884
|
+
tenantId: z.string().optional(),
|
|
4885
|
+
workspaceId: z.optional(z.string()),
|
|
4886
|
+
principalId: z.string().optional(),
|
|
4887
|
+
permitTenantKey: z.string().optional(),
|
|
4888
|
+
permitResourceType: z.string().optional(),
|
|
4889
|
+
permitResourceKey: z.string().optional(),
|
|
4890
|
+
createdAt: z.number(),
|
|
4891
|
+
updatedAt: z.number(),
|
|
4892
|
+
lastHandledAt: z.number().optional()
|
|
4893
|
+
}),
|
|
4894
|
+
indices: [
|
|
4895
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4896
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4897
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4898
|
+
{
|
|
4899
|
+
kind: "index",
|
|
4900
|
+
name: "by_tenant_status",
|
|
4901
|
+
columns: ["tenantId", "status"]
|
|
4902
|
+
},
|
|
4903
|
+
{
|
|
4904
|
+
kind: "index",
|
|
4905
|
+
name: "by_objectType",
|
|
4906
|
+
columns: ["objectType", "status"]
|
|
4907
|
+
}
|
|
4908
|
+
]
|
|
4909
|
+
});
|
|
4910
|
+
defineTable({
|
|
4911
|
+
name: "tenantPermitSyncStates",
|
|
4912
|
+
component: "control-plane",
|
|
4913
|
+
category: "access-control",
|
|
4914
|
+
shape: z.object({
|
|
4915
|
+
syncKey: z.string(),
|
|
4916
|
+
objectType: permitObjectType,
|
|
4917
|
+
objectId: z.string(),
|
|
4918
|
+
tenantId: z.string().optional(),
|
|
4919
|
+
workspaceId: z.string().optional(),
|
|
4920
|
+
principalId: z.string().optional(),
|
|
4921
|
+
permitTenantKey: z.string().optional(),
|
|
4922
|
+
permitResourceType: z.string().optional(),
|
|
4923
|
+
permitResourceKey: z.string().optional(),
|
|
4924
|
+
desiredPayload: z.record(z.any()),
|
|
4925
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
4926
|
+
status: permitSyncStatus,
|
|
4927
|
+
attemptCount: z.number(),
|
|
4928
|
+
lastError: z.string().optional(),
|
|
4929
|
+
nextAttemptAt: z.number().optional(),
|
|
4930
|
+
lastSyncedAt: z.number().optional(),
|
|
4931
|
+
createdBy: z.string(),
|
|
4932
|
+
updatedBy: z.string().optional(),
|
|
4933
|
+
createdAt: z.number(),
|
|
4934
|
+
updatedAt: z.number()
|
|
4935
|
+
}),
|
|
4936
|
+
indices: [
|
|
4937
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4938
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4939
|
+
{
|
|
4940
|
+
kind: "index",
|
|
4941
|
+
name: "by_tenant_status",
|
|
4942
|
+
columns: ["tenantId", "status"]
|
|
4943
|
+
},
|
|
4944
|
+
{
|
|
4945
|
+
kind: "index",
|
|
4946
|
+
name: "by_workspace_status",
|
|
4947
|
+
columns: ["workspaceId", "status"]
|
|
4948
|
+
},
|
|
4949
|
+
{
|
|
4950
|
+
kind: "index",
|
|
4951
|
+
name: "by_principal_status",
|
|
4952
|
+
columns: ["principalId", "status"]
|
|
4953
|
+
}
|
|
4954
|
+
]
|
|
4955
|
+
});
|
|
4956
|
+
defineTable({
|
|
4957
|
+
name: "permitPolicyDecisionReceipts",
|
|
4958
|
+
component: "control-plane",
|
|
4959
|
+
category: "access-control",
|
|
4960
|
+
shape: z.object({
|
|
4961
|
+
tenantId: z.string().optional(),
|
|
4962
|
+
workspaceId: z.string().optional(),
|
|
4963
|
+
principalId: z.string(),
|
|
4964
|
+
subjectType: permitAccessReviewSubjectType.optional(),
|
|
4965
|
+
subjectId: z.string().optional(),
|
|
4966
|
+
resourceType: z.string(),
|
|
4967
|
+
resourceId: z.string(),
|
|
4968
|
+
action: z.string(),
|
|
4969
|
+
decision: permitDecision,
|
|
4970
|
+
reasonCode: z.string(),
|
|
4971
|
+
policyBundleId: z.string().optional(),
|
|
4972
|
+
policyVersion: z.string(),
|
|
4973
|
+
traceId: z.string().optional(),
|
|
4974
|
+
requestId: z.string().optional(),
|
|
4975
|
+
audienceMode: z.string().optional(),
|
|
4976
|
+
audienceKey: z.string().optional(),
|
|
4977
|
+
audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
|
|
4978
|
+
metadata: z.record(z.any()).optional(),
|
|
4979
|
+
createdAt: z.number(),
|
|
4980
|
+
expiresAt: z.number().optional(),
|
|
4981
|
+
createdBy: z.string().optional()
|
|
4982
|
+
}),
|
|
4983
|
+
indices: [
|
|
4984
|
+
{ kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
|
|
4985
|
+
{ kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
|
|
4986
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
|
|
4987
|
+
{ kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
|
|
4988
|
+
{ kind: "index", name: "by_traceId", columns: ["traceId"] },
|
|
4989
|
+
{ kind: "index", name: "by_action", columns: ["action"] }
|
|
4990
|
+
]
|
|
4991
|
+
});
|
|
4992
|
+
defineTable({
|
|
4993
|
+
name: "permitAccessReviews",
|
|
4994
|
+
component: "control-plane",
|
|
4995
|
+
category: "access-control",
|
|
4996
|
+
shape: z.object({
|
|
4997
|
+
tenantId: z.string(),
|
|
4998
|
+
workspaceId: z.optional(z.string()),
|
|
4999
|
+
reviewKey: z.string(),
|
|
5000
|
+
scope: permitReviewScope,
|
|
5001
|
+
status: permitAccessReviewStatus,
|
|
5002
|
+
subjectType: permitAccessReviewSubjectType,
|
|
5003
|
+
subjectId: z.string(),
|
|
5004
|
+
resourceType: z.string().optional(),
|
|
5005
|
+
resourceKey: z.string().optional(),
|
|
5006
|
+
outcome: z.enum(["allow", "deny"]).optional(),
|
|
5007
|
+
requestedBy: z.string(),
|
|
5008
|
+
reviewedBy: z.string().optional(),
|
|
5009
|
+
requestedAt: z.number(),
|
|
5010
|
+
reviewedAt: z.number().optional(),
|
|
5011
|
+
dueAt: z.number().optional(),
|
|
5012
|
+
justification: z.string().optional(),
|
|
5013
|
+
rationale: z.string().optional(),
|
|
5014
|
+
policyBundleId: z.string().optional(),
|
|
5015
|
+
metadata: z.record(z.any()).optional(),
|
|
5016
|
+
createdAt: z.number(),
|
|
5017
|
+
updatedAt: z.number()
|
|
5018
|
+
}),
|
|
5019
|
+
indices: [
|
|
5020
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
5021
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
5022
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
5023
|
+
{
|
|
5024
|
+
kind: "index",
|
|
5025
|
+
name: "by_tenant_subject",
|
|
5026
|
+
columns: ["tenantId", "subjectType", "subjectId"]
|
|
5027
|
+
},
|
|
5028
|
+
{ kind: "index", name: "by_outcome", columns: ["outcome"] },
|
|
5029
|
+
{
|
|
5030
|
+
kind: "index",
|
|
5031
|
+
name: "by_workspace_status",
|
|
5032
|
+
columns: ["workspaceId", "status"]
|
|
5033
|
+
}
|
|
5034
|
+
]
|
|
5035
|
+
});
|
|
5036
|
+
defineTable({
|
|
5037
|
+
name: "permitAccessReviewItems",
|
|
5038
|
+
component: "control-plane",
|
|
5039
|
+
category: "access-control",
|
|
5040
|
+
shape: z.object({
|
|
5041
|
+
reviewKey: z.string(),
|
|
5042
|
+
itemKey: z.string(),
|
|
5043
|
+
tenantId: z.string(),
|
|
5044
|
+
workspaceId: z.string().optional(),
|
|
5045
|
+
subjectType: permitAccessReviewSubjectType,
|
|
5046
|
+
subjectId: z.string(),
|
|
5047
|
+
resourceType: z.string().optional(),
|
|
5048
|
+
resourceKey: z.string().optional(),
|
|
5049
|
+
role: z.string().optional(),
|
|
5050
|
+
relation: z.string().optional(),
|
|
5051
|
+
status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
|
|
5052
|
+
reviewerId: z.string().optional(),
|
|
5053
|
+
decisionAt: z.number().optional(),
|
|
5054
|
+
rationale: z.string().optional(),
|
|
5055
|
+
metadata: z.record(z.any()).optional(),
|
|
5056
|
+
createdAt: z.number(),
|
|
5057
|
+
updatedAt: z.number()
|
|
5058
|
+
}),
|
|
5059
|
+
indices: [
|
|
5060
|
+
{ kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
|
|
5061
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
5062
|
+
{ kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
|
|
5063
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
5064
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5065
|
+
]
|
|
5066
|
+
});
|
|
5067
|
+
defineTable({
|
|
5068
|
+
name: "reasoningPermissions",
|
|
5069
|
+
component: "control-plane",
|
|
5070
|
+
category: "epistemic",
|
|
5071
|
+
shape: z.object({
|
|
5072
|
+
"topicId": z.string().optional(),
|
|
5073
|
+
"principalId": z.string(),
|
|
5074
|
+
"nodeType": z.enum(["belief", "evidence", "action", "approval", "artifact"]),
|
|
5075
|
+
"action": z.enum(["view_conclusion", "view_evidence", "propose_action", "approve_action", "view_derived_artifact"]),
|
|
5076
|
+
"effect": z.enum(["allow", "deny"]),
|
|
5077
|
+
"policyReference": z.string().optional(),
|
|
5078
|
+
"rationale": z.string().optional(),
|
|
5079
|
+
"metadata": z.record(z.any()).optional(),
|
|
5080
|
+
"createdAt": z.number(),
|
|
5081
|
+
"createdBy": z.string(),
|
|
5082
|
+
"updatedAt": z.number()
|
|
5083
|
+
}),
|
|
5084
|
+
indices: [
|
|
5085
|
+
{ kind: "index", name: "by_topic_principal", columns: ["topicId", "principalId"] },
|
|
5086
|
+
{ kind: "index", name: "by_topic_principal_action", columns: ["topicId", "principalId", "action"] },
|
|
5087
|
+
{ kind: "index", name: "by_topic_principal_node_action", columns: ["topicId", "principalId", "nodeType", "action"] },
|
|
5088
|
+
{ kind: "index", name: "by_principal_action", columns: ["principalId", "action"] }
|
|
5089
|
+
]
|
|
5090
|
+
});
|
|
5091
|
+
defineTable({
|
|
5092
|
+
name: "schemaEnumConfig",
|
|
5093
|
+
component: "kernel",
|
|
5094
|
+
category: "config",
|
|
5095
|
+
shape: z.object({
|
|
5096
|
+
"tenantId": z.string().optional(),
|
|
5097
|
+
"category": z.string(),
|
|
5098
|
+
"value": z.string(),
|
|
5099
|
+
"label": z.string(),
|
|
5100
|
+
"description": z.string().optional(),
|
|
5101
|
+
"tier": z.enum(["platform", "tenant"]),
|
|
5102
|
+
"domainNamespace": z.string().optional(),
|
|
5103
|
+
"metadata": z.any().optional(),
|
|
5104
|
+
"isDefault": z.boolean().optional(),
|
|
5105
|
+
"sortOrder": z.number().optional(),
|
|
5106
|
+
"status": z.enum(["active", "deprecated"]),
|
|
5107
|
+
"createdAt": z.number(),
|
|
5108
|
+
"updatedAt": z.number()
|
|
5109
|
+
}),
|
|
5110
|
+
indices: [
|
|
5111
|
+
{ kind: "index", name: "by_category", columns: ["category"] },
|
|
5112
|
+
{ kind: "index", name: "by_tenant_category", columns: ["tenantId", "category"] },
|
|
5113
|
+
{ kind: "index", name: "by_category_value", columns: ["category", "value"] }
|
|
5114
|
+
]
|
|
5115
|
+
});
|
|
5116
|
+
defineTable({
|
|
5117
|
+
name: "tasks",
|
|
5118
|
+
component: "kernel",
|
|
5119
|
+
category: "task",
|
|
5120
|
+
shape: z.object({
|
|
5121
|
+
"topicId": z.string().optional(),
|
|
5122
|
+
"tenantId": z.string().optional(),
|
|
5123
|
+
"workspaceId": z.string().optional(),
|
|
5124
|
+
"title": z.string(),
|
|
5125
|
+
"description": z.string().optional(),
|
|
5126
|
+
"status": z.enum(["todo", "in_progress", "blocked", "done"]),
|
|
5127
|
+
"priority": z.enum(["urgent", "high", "medium", "low"]),
|
|
5128
|
+
"dueDate": z.number().optional(),
|
|
5129
|
+
"linkedWorktreeId": idOf("worktrees").optional(),
|
|
5130
|
+
"linkedBeliefId": z.string().optional(),
|
|
5131
|
+
"linkedQuestionId": z.string().optional(),
|
|
5132
|
+
"taskType": z.enum(["general", "find_evidence", "verify_claim", "research", "review", "interview", "analysis", "track_metrics"]).optional(),
|
|
5133
|
+
"assigneeId": z.string().optional(),
|
|
5134
|
+
"blockedReason": z.string().optional(),
|
|
5135
|
+
"blockedBy": z.array(idOf("tasks")).optional(),
|
|
5136
|
+
"blocks": z.array(idOf("tasks")).optional(),
|
|
5137
|
+
"sortOrder": z.number().optional(),
|
|
5138
|
+
"executionOrder": z.number().optional(),
|
|
5139
|
+
"subtasks": z.array(z.object({
|
|
5140
|
+
"id": z.string(),
|
|
5141
|
+
"title": z.string(),
|
|
5142
|
+
"completed": z.boolean(),
|
|
5143
|
+
"completedAt": z.number().optional()
|
|
5144
|
+
})).optional(),
|
|
5145
|
+
"comments": z.array(z.object({
|
|
5146
|
+
"id": z.string(),
|
|
5147
|
+
"userId": z.string(),
|
|
5148
|
+
"content": z.string(),
|
|
5149
|
+
"createdAt": z.number()
|
|
5150
|
+
})).optional(),
|
|
5151
|
+
"attachments": z.array(z.object({
|
|
4205
5152
|
"id": z.string(),
|
|
4206
5153
|
"type": z.enum(["call_script", "email_template", "research_plan", "framework", "checklist", "note", "file", "transcript"]),
|
|
4207
5154
|
"title": z.string(),
|
|
@@ -4354,6 +5301,7 @@ defineTable({
|
|
|
4354
5301
|
"updatedAt": z.number()
|
|
4355
5302
|
}),
|
|
4356
5303
|
indices: [
|
|
5304
|
+
{ kind: "index", name: "by_globalId", columns: ["globalId"] },
|
|
4357
5305
|
{ kind: "index", name: "by_parent", columns: ["parentTopicId"] },
|
|
4358
5306
|
{ kind: "index", name: "by_type", columns: ["type"] },
|
|
4359
5307
|
{ kind: "index", name: "by_graph_scope_project", columns: ["graphScopeProjectId"] },
|
|
@@ -4365,7 +5313,7 @@ defineTable({
|
|
|
4365
5313
|
});
|
|
4366
5314
|
defineTable({
|
|
4367
5315
|
name: "users",
|
|
4368
|
-
component: "
|
|
5316
|
+
component: "control-plane",
|
|
4369
5317
|
category: "user",
|
|
4370
5318
|
shape: z.object({
|
|
4371
5319
|
"clerkId": z.string(),
|
|
@@ -4479,7 +5427,6 @@ defineTable({
|
|
|
4479
5427
|
"deployments": z.record(z.object({
|
|
4480
5428
|
"url": z.string(),
|
|
4481
5429
|
"target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
|
|
4482
|
-
"encryptedDeployKey": z.string().optional(),
|
|
4483
5430
|
"credentialRef": z.string().optional()
|
|
4484
5431
|
})).optional(),
|
|
4485
5432
|
"metadata": z.record(z.any()).optional(),
|
|
@@ -4494,6 +5441,39 @@ defineTable({
|
|
|
4494
5441
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
4495
5442
|
]
|
|
4496
5443
|
});
|
|
5444
|
+
defineTable({
|
|
5445
|
+
name: "deploymentHosts",
|
|
5446
|
+
component: "mc",
|
|
5447
|
+
category: "workspace",
|
|
5448
|
+
shape: z.object({
|
|
5449
|
+
"host": z.string(),
|
|
5450
|
+
"tenantId": idOf("tenants"),
|
|
5451
|
+
"workspaceId": idOf("workspaces"),
|
|
5452
|
+
"environment": z.enum(["dev", "staging", "prod"]),
|
|
5453
|
+
"target": z.enum(["kernelDeployment", "appDeployment"]),
|
|
5454
|
+
"deploymentUrl": z.string().optional(),
|
|
5455
|
+
"deploymentName": z.string().optional(),
|
|
5456
|
+
"vercelProjectName": z.string().optional(),
|
|
5457
|
+
"vercelProjectId": z.string().optional(),
|
|
5458
|
+
"vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
|
|
5459
|
+
"source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
|
|
5460
|
+
"status": z.enum(["active", "revoked"]),
|
|
5461
|
+
"metadata": z.record(z.any()).optional(),
|
|
5462
|
+
"createdBy": z.string(),
|
|
5463
|
+
"createdAt": z.number(),
|
|
5464
|
+
"updatedAt": z.number(),
|
|
5465
|
+
"revokedAt": z.number().optional(),
|
|
5466
|
+
"revokedBy": z.string().optional()
|
|
5467
|
+
}),
|
|
5468
|
+
indices: [
|
|
5469
|
+
{ kind: "index", name: "by_host", columns: ["host"] },
|
|
5470
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
5471
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
5472
|
+
{ kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
|
|
5473
|
+
{ kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
|
|
5474
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5475
|
+
]
|
|
5476
|
+
});
|
|
4497
5477
|
defineTable({
|
|
4498
5478
|
name: "worktreeBeliefCluster",
|
|
4499
5479
|
component: "kernel",
|
|
@@ -4801,8 +5781,8 @@ defineTable({
|
|
|
4801
5781
|
});
|
|
4802
5782
|
z.object({
|
|
4803
5783
|
manifestVersion: z.string(),
|
|
4804
|
-
componentName: z.enum(["kernel", "
|
|
4805
|
-
tier: z.enum(["K", "
|
|
5784
|
+
componentName: z.enum(["kernel", "control-plane"]),
|
|
5785
|
+
tier: z.enum(["K", "CP"]),
|
|
4806
5786
|
packageVersion: z.string(),
|
|
4807
5787
|
tables: z.array(
|
|
4808
5788
|
z.object({
|
|
@@ -4969,7 +5949,7 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4969
5949
|
},
|
|
4970
5950
|
{
|
|
4971
5951
|
packageName: "@lucern/control-plane",
|
|
4972
|
-
role: "
|
|
5952
|
+
role: "component_runtime",
|
|
4973
5953
|
directTenantImport: false
|
|
4974
5954
|
},
|
|
4975
5955
|
{
|
|
@@ -4978,79 +5958,948 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4978
5958
|
directTenantImport: false
|
|
4979
5959
|
},
|
|
4980
5960
|
{
|
|
4981
|
-
packageName: "@lucern/events",
|
|
4982
|
-
role: "sdk_dependency",
|
|
4983
|
-
directTenantImport: false
|
|
5961
|
+
packageName: "@lucern/events",
|
|
5962
|
+
role: "sdk_dependency",
|
|
5963
|
+
directTenantImport: false
|
|
5964
|
+
},
|
|
5965
|
+
{
|
|
5966
|
+
packageName: "@lucern/graph-primitives",
|
|
5967
|
+
role: "sdk_dependency",
|
|
5968
|
+
directTenantImport: false
|
|
5969
|
+
},
|
|
5970
|
+
{
|
|
5971
|
+
packageName: "@lucern/graph-sync",
|
|
5972
|
+
role: "host_addon_runtime",
|
|
5973
|
+
directTenantImport: true
|
|
5974
|
+
},
|
|
5975
|
+
{
|
|
5976
|
+
packageName: "@lucern/mcp",
|
|
5977
|
+
role: "runtime_entrypoint",
|
|
5978
|
+
directTenantImport: true
|
|
5979
|
+
},
|
|
5980
|
+
{
|
|
5981
|
+
packageName: "@lucern/pack-host",
|
|
5982
|
+
role: "platform_runtime",
|
|
5983
|
+
directTenantImport: false
|
|
5984
|
+
},
|
|
5985
|
+
{
|
|
5986
|
+
packageName: "@lucern/pack-installer",
|
|
5987
|
+
role: "developer_tool",
|
|
5988
|
+
directTenantImport: false
|
|
5989
|
+
},
|
|
5990
|
+
{
|
|
5991
|
+
packageName: "@lucern/proof-compiler",
|
|
5992
|
+
role: "developer_tool",
|
|
5993
|
+
directTenantImport: false
|
|
5994
|
+
},
|
|
5995
|
+
{
|
|
5996
|
+
packageName: "@lucern/react",
|
|
5997
|
+
role: "runtime_entrypoint",
|
|
5998
|
+
directTenantImport: true
|
|
5999
|
+
},
|
|
6000
|
+
{
|
|
6001
|
+
packageName: "@lucern/reasoning-kernel",
|
|
6002
|
+
role: "component_runtime",
|
|
6003
|
+
directTenantImport: false
|
|
6004
|
+
},
|
|
6005
|
+
{
|
|
6006
|
+
packageName: "@lucern/sdk",
|
|
6007
|
+
role: "runtime_entrypoint",
|
|
6008
|
+
directTenantImport: true
|
|
6009
|
+
},
|
|
6010
|
+
{
|
|
6011
|
+
packageName: "@lucern/secrets",
|
|
6012
|
+
role: "sdk_dependency",
|
|
6013
|
+
directTenantImport: false
|
|
6014
|
+
},
|
|
6015
|
+
{
|
|
6016
|
+
packageName: "@lucern/server-core",
|
|
6017
|
+
role: "platform_runtime",
|
|
6018
|
+
directTenantImport: false
|
|
6019
|
+
},
|
|
6020
|
+
{
|
|
6021
|
+
packageName: "@lucern/testing",
|
|
6022
|
+
role: "test_support",
|
|
6023
|
+
directTenantImport: false
|
|
6024
|
+
},
|
|
6025
|
+
{
|
|
6026
|
+
packageName: "@lucern/types",
|
|
6027
|
+
role: "contract_entrypoint",
|
|
6028
|
+
directTenantImport: true
|
|
6029
|
+
}
|
|
6030
|
+
];
|
|
6031
|
+
TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
|
|
6032
|
+
(entry) => entry.packageName
|
|
6033
|
+
);
|
|
6034
|
+
|
|
6035
|
+
// ../contracts/src/infisical-runtime.contract.ts
|
|
6036
|
+
var INFISICAL_TENANT_SOFTWARE_SYSTEMS = [
|
|
6037
|
+
{
|
|
6038
|
+
id: "stack-frontend",
|
|
6039
|
+
tenantKey: "stack",
|
|
6040
|
+
workspaceKey: "frontend",
|
|
6041
|
+
vercelProjectName: "ai-chatbot-diao",
|
|
6042
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6043
|
+
vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517",
|
|
6044
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6045
|
+
repository: {
|
|
6046
|
+
owner: "stack-vc",
|
|
6047
|
+
name: "front-end"
|
|
6048
|
+
},
|
|
6049
|
+
sharedSourcePath: "/tenants/stack",
|
|
6050
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6051
|
+
convex: {
|
|
6052
|
+
urlEnv: "CONVEX_FRONTEND_URL",
|
|
6053
|
+
deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY",
|
|
6054
|
+
preprodDeployment: "rugged-lobster-664",
|
|
6055
|
+
prodDeployment: "wonderful-toucan-0"
|
|
6056
|
+
}
|
|
6057
|
+
},
|
|
6058
|
+
{
|
|
6059
|
+
id: "stackos",
|
|
6060
|
+
tenantKey: "stack",
|
|
6061
|
+
workspaceKey: "stackos",
|
|
6062
|
+
vercelProjectName: "stackos",
|
|
6063
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6064
|
+
vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau",
|
|
6065
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6066
|
+
repository: {
|
|
6067
|
+
owner: "stack-vc",
|
|
6068
|
+
name: "stackos"
|
|
6069
|
+
},
|
|
6070
|
+
sharedSourcePath: "/tenants/stack",
|
|
6071
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6072
|
+
convex: {
|
|
6073
|
+
urlEnv: "CONVEX_STACKOS_URL",
|
|
6074
|
+
deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY",
|
|
6075
|
+
preprodDeployment: "giant-mandrill-761",
|
|
6076
|
+
prodDeployment: "good-snake-515"
|
|
6077
|
+
}
|
|
6078
|
+
},
|
|
6079
|
+
{
|
|
6080
|
+
id: "stack-eng",
|
|
6081
|
+
tenantKey: "stack",
|
|
6082
|
+
workspaceKey: "engineering",
|
|
6083
|
+
vercelProjectName: "stackos-engineering-graph",
|
|
6084
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6085
|
+
vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ",
|
|
6086
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6087
|
+
repository: {
|
|
6088
|
+
owner: "stack-vc",
|
|
6089
|
+
name: "stackos-engineering-graph"
|
|
6090
|
+
},
|
|
6091
|
+
sharedSourcePath: "/tenants/stack/engineering",
|
|
6092
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6093
|
+
convex: {
|
|
6094
|
+
urlEnv: "CONVEX_STACK_ENG_URL",
|
|
6095
|
+
deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY",
|
|
6096
|
+
preprodDeployment: "small-oyster-270",
|
|
6097
|
+
prodDeployment: "bold-cuttlefish-804"
|
|
6098
|
+
}
|
|
6099
|
+
},
|
|
6100
|
+
{
|
|
6101
|
+
id: "lucern-graph",
|
|
6102
|
+
tenantKey: "lucern",
|
|
6103
|
+
workspaceKey: "lucern",
|
|
6104
|
+
vercelProjectName: "lucern-graph",
|
|
6105
|
+
vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY",
|
|
6106
|
+
vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ",
|
|
6107
|
+
vercelWriterTokenEnv: "LUCERN_VERCEL_TOKEN",
|
|
6108
|
+
repository: {
|
|
6109
|
+
owner: "LucernAI",
|
|
6110
|
+
name: "lucern-graph"
|
|
6111
|
+
},
|
|
6112
|
+
sharedSourcePath: "/tenants/lucern/shared",
|
|
6113
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6114
|
+
convex: {
|
|
6115
|
+
urlEnv: "CONVEX_LUCERN_URL",
|
|
6116
|
+
deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY",
|
|
6117
|
+
preprodDeployment: "good-blackbird-774",
|
|
6118
|
+
prodDeployment: "precious-dog-365"
|
|
6119
|
+
}
|
|
6120
|
+
}
|
|
6121
|
+
];
|
|
6122
|
+
var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
|
|
6123
|
+
{
|
|
6124
|
+
idSuffix: "clerk.publishable",
|
|
6125
|
+
canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
|
|
6126
|
+
aliases: ["CLERK_PUBLISHABLE_KEY"],
|
|
6127
|
+
required: true,
|
|
6128
|
+
secret: false,
|
|
6129
|
+
public: true,
|
|
6130
|
+
description: "Tenant-owned Clerk browser key. For Stack this is the master clerk.stack.vc project shared by front-end, StackOS, and the engineering workspace."
|
|
6131
|
+
},
|
|
6132
|
+
{
|
|
6133
|
+
idSuffix: "clerk.secret",
|
|
6134
|
+
canonicalName: "CLERK_SECRET_KEY",
|
|
6135
|
+
required: true,
|
|
6136
|
+
secret: true,
|
|
6137
|
+
public: false,
|
|
6138
|
+
description: "Tenant-owned Clerk backend secret used only by that tenant's server runtimes."
|
|
6139
|
+
},
|
|
6140
|
+
{
|
|
6141
|
+
idSuffix: "clerk.project",
|
|
6142
|
+
canonicalName: "CLERK_PROJECT_ID",
|
|
6143
|
+
required: true,
|
|
6144
|
+
secret: false,
|
|
6145
|
+
public: false,
|
|
6146
|
+
description: "Tenant-owned Clerk project id used to resolve canonical Clerk aliases."
|
|
6147
|
+
},
|
|
6148
|
+
{
|
|
6149
|
+
idSuffix: "clerk.jwks",
|
|
6150
|
+
canonicalName: "CLERK_JWT_ISSUER_DOMAIN",
|
|
6151
|
+
aliases: ["CLERK_ISSUER_URL", "CLERK_JWKS_URL"],
|
|
6152
|
+
required: false,
|
|
6153
|
+
secret: false,
|
|
6154
|
+
public: false,
|
|
6155
|
+
description: "Tenant Clerk issuer/JWKS URL consumed by Convex auth.config.ts."
|
|
6156
|
+
},
|
|
6157
|
+
{
|
|
6158
|
+
idSuffix: "clerk.jwt-key",
|
|
6159
|
+
canonicalName: "CLERK_JWT_KEY",
|
|
6160
|
+
required: false,
|
|
6161
|
+
secret: true,
|
|
6162
|
+
public: false,
|
|
6163
|
+
description: "Tenant Clerk JWT public verification key used by bearer-token API routes."
|
|
6164
|
+
},
|
|
6165
|
+
{
|
|
6166
|
+
idSuffix: "clerk.authorized-parties",
|
|
6167
|
+
canonicalName: "CLERK_AUTHORIZED_PARTIES",
|
|
6168
|
+
aliases: ["CLERK_MOBILE_AUTHORIZED_PARTIES"],
|
|
6169
|
+
required: false,
|
|
6170
|
+
secret: false,
|
|
6171
|
+
public: false,
|
|
6172
|
+
description: "Comma-separated Clerk authorized parties for browser and mobile bearer-token validation."
|
|
6173
|
+
},
|
|
6174
|
+
{
|
|
6175
|
+
idSuffix: "clerk.sign-in-url",
|
|
6176
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
|
|
6177
|
+
required: false,
|
|
6178
|
+
secret: false,
|
|
6179
|
+
public: true,
|
|
6180
|
+
description: "Tenant Clerk sign-in route for custom app login surfaces."
|
|
6181
|
+
},
|
|
6182
|
+
{
|
|
6183
|
+
idSuffix: "clerk.sign-up-url",
|
|
6184
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
|
|
6185
|
+
required: false,
|
|
6186
|
+
secret: false,
|
|
6187
|
+
public: true,
|
|
6188
|
+
description: "Tenant Clerk sign-up route for custom app login surfaces."
|
|
6189
|
+
}
|
|
6190
|
+
];
|
|
6191
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6192
|
+
(system) => TENANT_SHARED_SECRET_DEFINITION_TEMPLATES.map(
|
|
6193
|
+
(template) => ({
|
|
6194
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6195
|
+
canonicalName: template.canonicalName,
|
|
6196
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6197
|
+
owner: "tenant",
|
|
6198
|
+
scope: "tenant",
|
|
6199
|
+
sourcePath: system.sharedSourcePath,
|
|
6200
|
+
environmentPolicy: "environment_specific",
|
|
6201
|
+
required: template.required,
|
|
6202
|
+
secret: template.secret,
|
|
6203
|
+
public: template.public,
|
|
6204
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6205
|
+
destinations: [
|
|
6206
|
+
{
|
|
6207
|
+
kind: "vercel",
|
|
6208
|
+
target: system.vercelProjectName,
|
|
6209
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6210
|
+
},
|
|
6211
|
+
{
|
|
6212
|
+
kind: "convex",
|
|
6213
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6214
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6215
|
+
}
|
|
6216
|
+
],
|
|
6217
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6218
|
+
})
|
|
6219
|
+
)
|
|
6220
|
+
);
|
|
6221
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.map(
|
|
6222
|
+
(system) => ({
|
|
6223
|
+
id: `tenant.${system.id}.install-lucern-npm`,
|
|
6224
|
+
canonicalName: "INSTALL_LUCERN_NPM",
|
|
6225
|
+
owner: "provider",
|
|
6226
|
+
scope: "global",
|
|
6227
|
+
sourcePath: "/tenants/shared",
|
|
6228
|
+
environmentPolicy: "same_all_environments",
|
|
6229
|
+
required: true,
|
|
6230
|
+
secret: true,
|
|
6231
|
+
public: false,
|
|
6232
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6233
|
+
destinations: [
|
|
6234
|
+
{
|
|
6235
|
+
kind: "vercel",
|
|
6236
|
+
target: system.vercelProjectName,
|
|
6237
|
+
environmentPolicy: "same_all_environments"
|
|
6238
|
+
},
|
|
6239
|
+
{
|
|
6240
|
+
kind: "github_actions",
|
|
6241
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6242
|
+
environmentPolicy: "same_all_environments"
|
|
6243
|
+
}
|
|
6244
|
+
],
|
|
6245
|
+
description: `${system.tenantKey}/${system.workspaceKey}: read-only npm install token for published @lucern/* packages.`
|
|
6246
|
+
})
|
|
6247
|
+
);
|
|
6248
|
+
var TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS = ["stack-frontend", "stackos"];
|
|
6249
|
+
var TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES = [
|
|
6250
|
+
{
|
|
6251
|
+
idSuffix: "ai.openai-api-key",
|
|
6252
|
+
canonicalName: "OPENAI_API_KEY",
|
|
6253
|
+
required: false,
|
|
6254
|
+
secret: true,
|
|
6255
|
+
public: false,
|
|
6256
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6257
|
+
description: "Tenant-owned OpenAI key for product runtime LLM calls."
|
|
6258
|
+
},
|
|
6259
|
+
{
|
|
6260
|
+
idSuffix: "ai.anthropic-api-key",
|
|
6261
|
+
canonicalName: "ANTHROPIC_API_KEY",
|
|
6262
|
+
required: false,
|
|
6263
|
+
secret: true,
|
|
6264
|
+
public: false,
|
|
6265
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6266
|
+
description: "Tenant-owned Anthropic key for product runtime LLM calls."
|
|
6267
|
+
},
|
|
6268
|
+
{
|
|
6269
|
+
idSuffix: "ai.gemini-api-key",
|
|
6270
|
+
canonicalName: "GEMINI_API_KEY",
|
|
6271
|
+
aliases: ["GOOGLE_AI_API_KEY", "GOOGLE_GENERATIVE_AI_API_KEY"],
|
|
6272
|
+
required: false,
|
|
6273
|
+
secret: true,
|
|
6274
|
+
public: false,
|
|
6275
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6276
|
+
description: "Tenant-owned Google/Gemini key for product runtime LLM calls."
|
|
6277
|
+
},
|
|
6278
|
+
{
|
|
6279
|
+
idSuffix: "langfuse.secret-key",
|
|
6280
|
+
canonicalName: "LANGFUSE_SECRET_KEY",
|
|
6281
|
+
required: false,
|
|
6282
|
+
secret: true,
|
|
6283
|
+
public: false,
|
|
6284
|
+
consumers: [
|
|
6285
|
+
"tenant-vercel-app",
|
|
6286
|
+
"tenant-convex-deployment",
|
|
6287
|
+
"tenant-observability"
|
|
6288
|
+
],
|
|
6289
|
+
description: "Tenant-owned Langfuse secret key for product AI tracing."
|
|
6290
|
+
},
|
|
6291
|
+
{
|
|
6292
|
+
idSuffix: "langfuse.public-key",
|
|
6293
|
+
canonicalName: "LANGFUSE_PUBLIC_KEY",
|
|
6294
|
+
required: false,
|
|
6295
|
+
secret: false,
|
|
6296
|
+
public: false,
|
|
6297
|
+
consumers: [
|
|
6298
|
+
"tenant-vercel-app",
|
|
6299
|
+
"tenant-convex-deployment",
|
|
6300
|
+
"tenant-observability"
|
|
6301
|
+
],
|
|
6302
|
+
description: "Tenant-owned Langfuse public key for product AI tracing."
|
|
6303
|
+
},
|
|
6304
|
+
{
|
|
6305
|
+
idSuffix: "langfuse.base-url",
|
|
6306
|
+
canonicalName: "LANGFUSE_BASE_URL",
|
|
6307
|
+
aliases: ["LANGFUSE_BASEURL", "LANGFUSE_HOST"],
|
|
6308
|
+
required: false,
|
|
6309
|
+
secret: false,
|
|
6310
|
+
public: false,
|
|
6311
|
+
consumers: [
|
|
6312
|
+
"tenant-vercel-app",
|
|
6313
|
+
"tenant-convex-deployment",
|
|
6314
|
+
"tenant-observability"
|
|
6315
|
+
],
|
|
6316
|
+
description: "Tenant-owned Langfuse API origin."
|
|
6317
|
+
},
|
|
6318
|
+
{
|
|
6319
|
+
idSuffix: "graph.neo4j-uri",
|
|
6320
|
+
canonicalName: "NEO4J_URI",
|
|
6321
|
+
required: false,
|
|
6322
|
+
secret: false,
|
|
6323
|
+
public: false,
|
|
6324
|
+
consumers: [
|
|
6325
|
+
"tenant-vercel-app",
|
|
6326
|
+
"tenant-convex-deployment",
|
|
6327
|
+
"tenant-graph-sync"
|
|
6328
|
+
],
|
|
6329
|
+
description: "Tenant-owned Neo4j URI for product graph-sync."
|
|
6330
|
+
},
|
|
6331
|
+
{
|
|
6332
|
+
idSuffix: "graph.neo4j-user",
|
|
6333
|
+
canonicalName: "NEO4J_USER",
|
|
6334
|
+
aliases: ["NEO4J_USERNAME"],
|
|
6335
|
+
required: false,
|
|
6336
|
+
secret: false,
|
|
6337
|
+
public: false,
|
|
6338
|
+
consumers: [
|
|
6339
|
+
"tenant-vercel-app",
|
|
6340
|
+
"tenant-convex-deployment",
|
|
6341
|
+
"tenant-graph-sync"
|
|
6342
|
+
],
|
|
6343
|
+
description: "Tenant-owned Neo4j user for product graph-sync."
|
|
6344
|
+
},
|
|
6345
|
+
{
|
|
6346
|
+
idSuffix: "graph.neo4j-password",
|
|
6347
|
+
canonicalName: "NEO4J_PASSWORD",
|
|
6348
|
+
required: false,
|
|
6349
|
+
secret: true,
|
|
6350
|
+
public: false,
|
|
6351
|
+
consumers: [
|
|
6352
|
+
"tenant-vercel-app",
|
|
6353
|
+
"tenant-convex-deployment",
|
|
6354
|
+
"tenant-graph-sync"
|
|
6355
|
+
],
|
|
6356
|
+
description: "Tenant-owned Neo4j password for product graph-sync."
|
|
6357
|
+
},
|
|
6358
|
+
{
|
|
6359
|
+
idSuffix: "graph.neo4j-sync-secret",
|
|
6360
|
+
canonicalName: "NEO4J_SYNC_SECRET",
|
|
6361
|
+
required: false,
|
|
6362
|
+
secret: true,
|
|
6363
|
+
public: false,
|
|
6364
|
+
consumers: [
|
|
6365
|
+
"tenant-vercel-app",
|
|
6366
|
+
"tenant-convex-deployment",
|
|
6367
|
+
"tenant-graph-sync"
|
|
6368
|
+
],
|
|
6369
|
+
description: "Tenant-owned shared secret for product Convex-to-HTTP graph-sync calls."
|
|
6370
|
+
},
|
|
6371
|
+
{
|
|
6372
|
+
idSuffix: "graph.neo4j-database",
|
|
6373
|
+
canonicalName: "NEO4J_DATABASE",
|
|
6374
|
+
required: false,
|
|
6375
|
+
secret: false,
|
|
6376
|
+
public: false,
|
|
6377
|
+
consumers: [
|
|
6378
|
+
"tenant-vercel-app",
|
|
6379
|
+
"tenant-convex-deployment",
|
|
6380
|
+
"tenant-graph-sync"
|
|
6381
|
+
],
|
|
6382
|
+
description: "Tenant-owned Neo4j database name for product graph-sync."
|
|
6383
|
+
},
|
|
6384
|
+
{
|
|
6385
|
+
idSuffix: "vector.pinecone-api-key",
|
|
6386
|
+
canonicalName: "PINECONE_API_KEY",
|
|
6387
|
+
required: false,
|
|
6388
|
+
secret: true,
|
|
6389
|
+
public: false,
|
|
6390
|
+
consumers: [
|
|
6391
|
+
"tenant-vercel-app",
|
|
6392
|
+
"tenant-convex-deployment",
|
|
6393
|
+
"tenant-vector-store"
|
|
6394
|
+
],
|
|
6395
|
+
description: "Tenant-owned Pinecone API key for product vector search."
|
|
6396
|
+
},
|
|
6397
|
+
{
|
|
6398
|
+
idSuffix: "vector.pinecone-index-name",
|
|
6399
|
+
canonicalName: "PINECONE_INDEX_NAME",
|
|
6400
|
+
aliases: ["PINECONE_INDEX"],
|
|
6401
|
+
required: false,
|
|
6402
|
+
secret: false,
|
|
6403
|
+
public: false,
|
|
6404
|
+
consumers: [
|
|
6405
|
+
"tenant-vercel-app",
|
|
6406
|
+
"tenant-convex-deployment",
|
|
6407
|
+
"tenant-vector-store"
|
|
6408
|
+
],
|
|
6409
|
+
description: "Tenant-owned Pinecone index name for product vector search."
|
|
6410
|
+
},
|
|
6411
|
+
{
|
|
6412
|
+
idSuffix: "vector.pinecone-host",
|
|
6413
|
+
canonicalName: "PINECONE_HOST",
|
|
6414
|
+
aliases: ["PINECONE_INDEX_HOST"],
|
|
6415
|
+
required: false,
|
|
6416
|
+
secret: false,
|
|
6417
|
+
public: false,
|
|
6418
|
+
consumers: [
|
|
6419
|
+
"tenant-vercel-app",
|
|
6420
|
+
"tenant-convex-deployment",
|
|
6421
|
+
"tenant-vector-store"
|
|
6422
|
+
],
|
|
6423
|
+
description: "Tenant-owned Pinecone host for product vector search."
|
|
6424
|
+
},
|
|
6425
|
+
{
|
|
6426
|
+
idSuffix: "vector.pinecone-namespace",
|
|
6427
|
+
canonicalName: "PINECONE_NAMESPACE",
|
|
6428
|
+
required: false,
|
|
6429
|
+
secret: false,
|
|
6430
|
+
public: false,
|
|
6431
|
+
consumers: [
|
|
6432
|
+
"tenant-vercel-app",
|
|
6433
|
+
"tenant-convex-deployment",
|
|
6434
|
+
"tenant-vector-store"
|
|
6435
|
+
],
|
|
6436
|
+
description: "Tenant-owned Pinecone namespace for product vector search isolation."
|
|
6437
|
+
},
|
|
6438
|
+
{
|
|
6439
|
+
idSuffix: "storage.aws-access-key-id",
|
|
6440
|
+
canonicalName: "AWS_ACCESS_KEY_ID",
|
|
6441
|
+
required: false,
|
|
6442
|
+
secret: true,
|
|
6443
|
+
public: false,
|
|
6444
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6445
|
+
description: "Tenant-owned AWS access key id for document/file ingestion."
|
|
6446
|
+
},
|
|
6447
|
+
{
|
|
6448
|
+
idSuffix: "storage.aws-secret-access-key",
|
|
6449
|
+
canonicalName: "AWS_SECRET_ACCESS_KEY",
|
|
6450
|
+
required: false,
|
|
6451
|
+
secret: true,
|
|
6452
|
+
public: false,
|
|
6453
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6454
|
+
description: "Tenant-owned AWS secret access key for document/file ingestion."
|
|
4984
6455
|
},
|
|
4985
6456
|
{
|
|
4986
|
-
|
|
4987
|
-
|
|
4988
|
-
|
|
6457
|
+
idSuffix: "storage.aws-region",
|
|
6458
|
+
canonicalName: "AWS_REGION",
|
|
6459
|
+
required: false,
|
|
6460
|
+
secret: false,
|
|
6461
|
+
public: false,
|
|
6462
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6463
|
+
description: "Tenant-owned AWS region for document/file ingestion."
|
|
4989
6464
|
},
|
|
4990
6465
|
{
|
|
4991
|
-
|
|
4992
|
-
|
|
4993
|
-
|
|
6466
|
+
idSuffix: "observability.sentry-dsn",
|
|
6467
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
|
|
6468
|
+
aliases: ["NEXT_PUBLIC_SENTRY_DSN_NEXTJS", "SENTRY_DSN"],
|
|
6469
|
+
required: false,
|
|
6470
|
+
secret: false,
|
|
6471
|
+
public: true,
|
|
6472
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6473
|
+
description: "Tenant-owned Sentry DSN for app telemetry."
|
|
4994
6474
|
},
|
|
4995
6475
|
{
|
|
4996
|
-
|
|
4997
|
-
|
|
4998
|
-
|
|
6476
|
+
idSuffix: "observability.sentry-auth-token",
|
|
6477
|
+
canonicalName: "SENTRY_AUTH_TOKEN",
|
|
6478
|
+
required: false,
|
|
6479
|
+
secret: true,
|
|
6480
|
+
public: false,
|
|
6481
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6482
|
+
description: "Tenant-owned Sentry release token for app deployments."
|
|
4999
6483
|
},
|
|
5000
6484
|
{
|
|
5001
|
-
|
|
5002
|
-
|
|
5003
|
-
|
|
6485
|
+
idSuffix: "observability.sentry-org",
|
|
6486
|
+
canonicalName: "SENTRY_ORG",
|
|
6487
|
+
aliases: ["SENTRY_ORG_SLUG"],
|
|
6488
|
+
required: false,
|
|
6489
|
+
secret: false,
|
|
6490
|
+
public: false,
|
|
6491
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6492
|
+
description: "Tenant-owned Sentry org slug for release uploads."
|
|
5004
6493
|
},
|
|
5005
6494
|
{
|
|
5006
|
-
|
|
5007
|
-
|
|
5008
|
-
|
|
6495
|
+
idSuffix: "observability.sentry-project",
|
|
6496
|
+
canonicalName: "SENTRY_PROJECT",
|
|
6497
|
+
aliases: ["SENTRY_PROJECT_NEXTJS"],
|
|
6498
|
+
required: false,
|
|
6499
|
+
secret: false,
|
|
6500
|
+
public: false,
|
|
6501
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6502
|
+
description: "Tenant-owned Sentry project slug for release uploads."
|
|
5009
6503
|
},
|
|
5010
6504
|
{
|
|
5011
|
-
|
|
5012
|
-
|
|
5013
|
-
|
|
6505
|
+
idSuffix: "observability.sentry-environment",
|
|
6506
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_ENVIRONMENT",
|
|
6507
|
+
aliases: ["SENTRY_ENVIRONMENT"],
|
|
6508
|
+
required: false,
|
|
6509
|
+
secret: false,
|
|
6510
|
+
public: true,
|
|
6511
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6512
|
+
description: "Tenant-owned Sentry environment label."
|
|
5014
6513
|
},
|
|
5015
6514
|
{
|
|
5016
|
-
|
|
5017
|
-
|
|
5018
|
-
|
|
6515
|
+
idSuffix: "observability.sentry-release",
|
|
6516
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_RELEASE",
|
|
6517
|
+
aliases: ["SENTRY_RELEASE"],
|
|
6518
|
+
required: false,
|
|
6519
|
+
secret: false,
|
|
6520
|
+
public: true,
|
|
6521
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6522
|
+
description: "Tenant-owned Sentry release label."
|
|
5019
6523
|
},
|
|
5020
6524
|
{
|
|
5021
|
-
|
|
5022
|
-
|
|
5023
|
-
|
|
6525
|
+
idSuffix: "observability.sentry-client-options",
|
|
6526
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE",
|
|
6527
|
+
aliases: [
|
|
6528
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS",
|
|
6529
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS_NEXTJS",
|
|
6530
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS",
|
|
6531
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS_NEXTJS",
|
|
6532
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS",
|
|
6533
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS_NEXTJS",
|
|
6534
|
+
"NEXT_PUBLIC_SENTRY_ENABLE_LOGS",
|
|
6535
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_ON_ERROR_SAMPLE_RATE",
|
|
6536
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_SESSION_SAMPLE_RATE",
|
|
6537
|
+
"NEXT_PUBLIC_SENTRY_SEND_DEFAULT_PII",
|
|
6538
|
+
"NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE_NEXTJS"
|
|
6539
|
+
],
|
|
6540
|
+
required: false,
|
|
6541
|
+
secret: false,
|
|
6542
|
+
public: true,
|
|
6543
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6544
|
+
description: "Tenant-owned public Sentry tuning values for Next.js client instrumentation."
|
|
5024
6545
|
},
|
|
5025
6546
|
{
|
|
5026
|
-
|
|
5027
|
-
|
|
5028
|
-
|
|
6547
|
+
idSuffix: "observability.sentry-webhook-secret",
|
|
6548
|
+
canonicalName: "SENTRY_WEBHOOK_SECRET",
|
|
6549
|
+
required: false,
|
|
6550
|
+
secret: true,
|
|
6551
|
+
public: false,
|
|
6552
|
+
consumers: ["tenant-convex-deployment", "tenant-observability"],
|
|
6553
|
+
description: "Tenant-owned Sentry webhook verification secret."
|
|
5029
6554
|
},
|
|
5030
6555
|
{
|
|
5031
|
-
|
|
5032
|
-
|
|
5033
|
-
|
|
6556
|
+
idSuffix: "lucern.gateway-api-key",
|
|
6557
|
+
canonicalName: "LUCERN_API_KEY",
|
|
6558
|
+
aliases: ["STACK_API_KEY"],
|
|
6559
|
+
required: false,
|
|
6560
|
+
secret: true,
|
|
6561
|
+
public: false,
|
|
6562
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6563
|
+
description: "Tenant-scoped Lucern/MC gateway API key for product front-door calls."
|
|
5034
6564
|
},
|
|
5035
6565
|
{
|
|
5036
|
-
|
|
5037
|
-
|
|
5038
|
-
|
|
6566
|
+
idSuffix: "lucern.gateway-base-url",
|
|
6567
|
+
canonicalName: "LUCERN_BASE_URL",
|
|
6568
|
+
aliases: ["LUCERN_API_BASE_URL", "LUCERN_GATEWAY_BASE_URL"],
|
|
6569
|
+
required: false,
|
|
6570
|
+
secret: false,
|
|
6571
|
+
public: false,
|
|
6572
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6573
|
+
description: "Lucern/MC gateway base URL used by tenant product apps."
|
|
5039
6574
|
},
|
|
5040
6575
|
{
|
|
5041
|
-
|
|
5042
|
-
|
|
5043
|
-
|
|
6576
|
+
idSuffix: "lucern.proxy-token-secret",
|
|
6577
|
+
canonicalName: "LUCERN_PROXY_TOKEN_SECRET",
|
|
6578
|
+
required: false,
|
|
6579
|
+
secret: true,
|
|
6580
|
+
public: false,
|
|
6581
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6582
|
+
description: "Tenant-owned secret for signing internal proxy/session tokens in product apps."
|
|
5044
6583
|
},
|
|
5045
6584
|
{
|
|
5046
|
-
|
|
5047
|
-
|
|
5048
|
-
|
|
6585
|
+
idSuffix: "tenant.integrations.linear-api-key",
|
|
6586
|
+
canonicalName: "LINEAR_API_KEY",
|
|
6587
|
+
required: false,
|
|
6588
|
+
secret: true,
|
|
6589
|
+
public: false,
|
|
6590
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6591
|
+
description: "Tenant-owned Linear API key for support/slash-command flows."
|
|
6592
|
+
},
|
|
6593
|
+
{
|
|
6594
|
+
idSuffix: "tenant.vercel.bypass-token",
|
|
6595
|
+
canonicalName: "VERCEL_AUTOMATION_BYPASS_SECRET",
|
|
6596
|
+
aliases: ["NEXT_PUBLIC_VERCEL_BYPASS_TOKEN"],
|
|
6597
|
+
required: false,
|
|
6598
|
+
secret: true,
|
|
6599
|
+
public: false,
|
|
6600
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6601
|
+
description: "Tenant-owned Vercel automation bypass token. Public alias is legacy and should be removed from app code."
|
|
5049
6602
|
}
|
|
5050
6603
|
];
|
|
5051
|
-
|
|
5052
|
-
(
|
|
6604
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.filter(
|
|
6605
|
+
(system) => TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS.includes(system.id)
|
|
6606
|
+
).flatMap(
|
|
6607
|
+
(system) => TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES.map(
|
|
6608
|
+
(template) => ({
|
|
6609
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6610
|
+
canonicalName: template.canonicalName,
|
|
6611
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6612
|
+
owner: "tenant",
|
|
6613
|
+
scope: "tenant",
|
|
6614
|
+
sourcePath: system.sharedSourcePath,
|
|
6615
|
+
environmentPolicy: "environment_specific",
|
|
6616
|
+
required: template.required,
|
|
6617
|
+
secret: template.secret,
|
|
6618
|
+
public: template.public,
|
|
6619
|
+
consumers: template.consumers,
|
|
6620
|
+
destinations: [
|
|
6621
|
+
{
|
|
6622
|
+
kind: "vercel",
|
|
6623
|
+
target: system.vercelProjectName,
|
|
6624
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6625
|
+
},
|
|
6626
|
+
{
|
|
6627
|
+
kind: "convex",
|
|
6628
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6629
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6630
|
+
},
|
|
6631
|
+
{
|
|
6632
|
+
kind: "github_actions",
|
|
6633
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6634
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6635
|
+
}
|
|
6636
|
+
],
|
|
6637
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6638
|
+
})
|
|
6639
|
+
)
|
|
6640
|
+
);
|
|
6641
|
+
function tenantVercelConvexUrlWriteNames(system) {
|
|
6642
|
+
const names = [system.convex.urlEnv, "NEXT_PUBLIC_CONVEX_URL"];
|
|
6643
|
+
if (system.id === "stack-eng") {
|
|
6644
|
+
return [...names, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6645
|
+
}
|
|
6646
|
+
return names;
|
|
6647
|
+
}
|
|
6648
|
+
function tenantRepositoryConvexUrlWriteNames(system) {
|
|
6649
|
+
if (system.id === "stack-eng") {
|
|
6650
|
+
return [system.convex.urlEnv, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6651
|
+
}
|
|
6652
|
+
return [system.convex.urlEnv];
|
|
6653
|
+
}
|
|
6654
|
+
function tenantRepositoryConvexDeployKeyWriteNames(system) {
|
|
6655
|
+
if (system.id === "stack-eng") {
|
|
6656
|
+
return [system.convex.deployKeyEnv, "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6657
|
+
}
|
|
6658
|
+
return [system.convex.deployKeyEnv];
|
|
6659
|
+
}
|
|
6660
|
+
function tenantConvexUrlAliases(system) {
|
|
6661
|
+
if (system.id === "stack-frontend") {
|
|
6662
|
+
return [
|
|
6663
|
+
"CONVEX_PROD_URL",
|
|
6664
|
+
"CONVEX_STACK_V2_PROD_URL",
|
|
6665
|
+
"CONVEX_STACK_V2_STAGING_URL",
|
|
6666
|
+
"STACK_CONVEX_URL"
|
|
6667
|
+
];
|
|
6668
|
+
}
|
|
6669
|
+
if (system.id === "stackos") {
|
|
6670
|
+
return [
|
|
6671
|
+
"CONVEX_CLOUD_URL",
|
|
6672
|
+
"CONVEX_STACK_URL",
|
|
6673
|
+
"CONVEX_URL",
|
|
6674
|
+
"CONVEX_URL_DEVELOPMENT",
|
|
6675
|
+
"CONVEX_URL_PRODUCTION",
|
|
6676
|
+
"STACK_CONVEX_URL"
|
|
6677
|
+
];
|
|
6678
|
+
}
|
|
6679
|
+
if (system.id === "stack-eng") {
|
|
6680
|
+
return ["STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6681
|
+
}
|
|
6682
|
+
if (system.id === "lucern-graph") {
|
|
6683
|
+
return [
|
|
6684
|
+
"CONVEX_GRAPH_URL",
|
|
6685
|
+
"LUCERN_PROD_URL",
|
|
6686
|
+
"NEXT_PUBLIC_LUCERN_GRAPH_URL"
|
|
6687
|
+
];
|
|
6688
|
+
}
|
|
6689
|
+
return void 0;
|
|
6690
|
+
}
|
|
6691
|
+
function tenantConvexDeployKeyAliases(system) {
|
|
6692
|
+
if (system.id === "stack-frontend") {
|
|
6693
|
+
return [
|
|
6694
|
+
"CONVEX_STACK_V2_PROD_DEPLOY_KEY",
|
|
6695
|
+
"CONVEX_STACK_V2_STAGING_DEPLOY_KEY",
|
|
6696
|
+
"STACK_DEPLOY_KEY"
|
|
6697
|
+
];
|
|
6698
|
+
}
|
|
6699
|
+
if (system.id === "stackos") {
|
|
6700
|
+
return [
|
|
6701
|
+
"CONVEX_DEPLOY_KEY",
|
|
6702
|
+
"CONVEX_DEV_DEPLOY_KEY",
|
|
6703
|
+
"CONVEX_PROD_DEPLOY_KEY",
|
|
6704
|
+
"CONVEX_STACK_DEPLOY_KEY",
|
|
6705
|
+
"STACK_DEPLOY_KEY"
|
|
6706
|
+
];
|
|
6707
|
+
}
|
|
6708
|
+
if (system.id === "stack-eng") {
|
|
6709
|
+
return ["CONVEX_DEPLOY_KEY", "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6710
|
+
}
|
|
6711
|
+
if (system.id === "lucern-graph") {
|
|
6712
|
+
return [
|
|
6713
|
+
"CONVEX_DEPLOY_KEY",
|
|
6714
|
+
"CONVEX_GRAPH_DEPLOY_KEY",
|
|
6715
|
+
"LUCERN_CONVEX_DEPLOY_KEY",
|
|
6716
|
+
"LUCERN_DEV_DEPLOY_KEY",
|
|
6717
|
+
"LUCERN_PROD_DEPLOY_KEY"
|
|
6718
|
+
];
|
|
6719
|
+
}
|
|
6720
|
+
return void 0;
|
|
6721
|
+
}
|
|
6722
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6723
|
+
(system) => {
|
|
6724
|
+
if (system.id === "lucern-graph") {
|
|
6725
|
+
return [
|
|
6726
|
+
{
|
|
6727
|
+
id: "tenant.lucern-graph.public.tenant-id",
|
|
6728
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_ID",
|
|
6729
|
+
aliases: ["NEXT_PUBLIC_LUCERN_TENANT_ID"],
|
|
6730
|
+
owner: "tenant",
|
|
6731
|
+
scope: "workspace",
|
|
6732
|
+
sourcePath: system.sharedSourcePath,
|
|
6733
|
+
environmentPolicy: "environment_specific",
|
|
6734
|
+
required: false,
|
|
6735
|
+
secret: false,
|
|
6736
|
+
public: true,
|
|
6737
|
+
consumers: ["tenant-vercel-app"],
|
|
6738
|
+
destinations: [
|
|
6739
|
+
{
|
|
6740
|
+
kind: "vercel",
|
|
6741
|
+
target: system.vercelProjectName,
|
|
6742
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6743
|
+
}
|
|
6744
|
+
],
|
|
6745
|
+
description: "Lucern graph public tenant id used by the standalone graph explorer."
|
|
6746
|
+
},
|
|
6747
|
+
{
|
|
6748
|
+
id: "tenant.lucern-graph.public.tenant-label",
|
|
6749
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_LABEL",
|
|
6750
|
+
owner: "tenant",
|
|
6751
|
+
scope: "workspace",
|
|
6752
|
+
sourcePath: system.sharedSourcePath,
|
|
6753
|
+
environmentPolicy: "environment_specific",
|
|
6754
|
+
required: false,
|
|
6755
|
+
secret: false,
|
|
6756
|
+
public: true,
|
|
6757
|
+
consumers: ["tenant-vercel-app"],
|
|
6758
|
+
destinations: [
|
|
6759
|
+
{
|
|
6760
|
+
kind: "vercel",
|
|
6761
|
+
target: system.vercelProjectName,
|
|
6762
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6763
|
+
}
|
|
6764
|
+
],
|
|
6765
|
+
description: "Lucern graph public tenant label used by the standalone graph explorer."
|
|
6766
|
+
}
|
|
6767
|
+
];
|
|
6768
|
+
}
|
|
6769
|
+
if (system.id === "stack-eng") {
|
|
6770
|
+
return [
|
|
6771
|
+
{
|
|
6772
|
+
id: "tenant.stack-eng.public.tenant-id",
|
|
6773
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_ID",
|
|
6774
|
+
owner: "tenant",
|
|
6775
|
+
scope: "workspace",
|
|
6776
|
+
sourcePath: system.sharedSourcePath,
|
|
6777
|
+
environmentPolicy: "environment_specific",
|
|
6778
|
+
required: false,
|
|
6779
|
+
secret: false,
|
|
6780
|
+
public: true,
|
|
6781
|
+
consumers: ["tenant-vercel-app"],
|
|
6782
|
+
destinations: [
|
|
6783
|
+
{
|
|
6784
|
+
kind: "vercel",
|
|
6785
|
+
target: system.vercelProjectName,
|
|
6786
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6787
|
+
}
|
|
6788
|
+
],
|
|
6789
|
+
description: "Stack engineering graph public tenant id used by the graph explorer."
|
|
6790
|
+
},
|
|
6791
|
+
{
|
|
6792
|
+
id: "tenant.stack-eng.public.tenant-label",
|
|
6793
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_LABEL",
|
|
6794
|
+
owner: "tenant",
|
|
6795
|
+
scope: "workspace",
|
|
6796
|
+
sourcePath: system.sharedSourcePath,
|
|
6797
|
+
environmentPolicy: "environment_specific",
|
|
6798
|
+
required: false,
|
|
6799
|
+
secret: false,
|
|
6800
|
+
public: true,
|
|
6801
|
+
consumers: ["tenant-vercel-app"],
|
|
6802
|
+
destinations: [
|
|
6803
|
+
{
|
|
6804
|
+
kind: "vercel",
|
|
6805
|
+
target: system.vercelProjectName,
|
|
6806
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6807
|
+
}
|
|
6808
|
+
],
|
|
6809
|
+
description: "Stack engineering graph public tenant label used by the graph explorer."
|
|
6810
|
+
},
|
|
6811
|
+
{
|
|
6812
|
+
id: "tenant.stack-eng.public.environment",
|
|
6813
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_ENV",
|
|
6814
|
+
owner: "tenant",
|
|
6815
|
+
scope: "workspace",
|
|
6816
|
+
sourcePath: system.sharedSourcePath,
|
|
6817
|
+
environmentPolicy: "environment_specific",
|
|
6818
|
+
required: false,
|
|
6819
|
+
secret: false,
|
|
6820
|
+
public: true,
|
|
6821
|
+
consumers: ["tenant-vercel-app"],
|
|
6822
|
+
destinations: [
|
|
6823
|
+
{
|
|
6824
|
+
kind: "vercel",
|
|
6825
|
+
target: system.vercelProjectName,
|
|
6826
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6827
|
+
}
|
|
6828
|
+
],
|
|
6829
|
+
description: "Stack engineering graph public environment label used by the graph explorer."
|
|
6830
|
+
}
|
|
6831
|
+
];
|
|
6832
|
+
}
|
|
6833
|
+
return [];
|
|
6834
|
+
}
|
|
5053
6835
|
);
|
|
6836
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap((system) => [
|
|
6837
|
+
{
|
|
6838
|
+
id: `tenant.${system.id}.convex.url`,
|
|
6839
|
+
canonicalName: system.convex.urlEnv,
|
|
6840
|
+
aliases: tenantConvexUrlAliases(system),
|
|
6841
|
+
owner: "tenant",
|
|
6842
|
+
scope: "software_system",
|
|
6843
|
+
sourcePath: system.sharedSourcePath,
|
|
6844
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6845
|
+
required: true,
|
|
6846
|
+
secret: false,
|
|
6847
|
+
public: false,
|
|
6848
|
+
consumers: [
|
|
6849
|
+
"tenant-vercel-app",
|
|
6850
|
+
"tenant-agent-runtime",
|
|
6851
|
+
"mc-operator-tooling"
|
|
6852
|
+
],
|
|
6853
|
+
destinations: [
|
|
6854
|
+
{
|
|
6855
|
+
kind: "vercel",
|
|
6856
|
+
target: system.vercelProjectName,
|
|
6857
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6858
|
+
writeNames: tenantVercelConvexUrlWriteNames(system)
|
|
6859
|
+
},
|
|
6860
|
+
{
|
|
6861
|
+
kind: "github_actions",
|
|
6862
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6863
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6864
|
+
writeNames: tenantRepositoryConvexUrlWriteNames(system),
|
|
6865
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6866
|
+
}
|
|
6867
|
+
],
|
|
6868
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex URL. Pre-prod resolves to ${system.convex.preprodDeployment}; prod resolves to ${system.convex.prodDeployment}.`
|
|
6869
|
+
},
|
|
6870
|
+
{
|
|
6871
|
+
id: `tenant.${system.id}.convex.deploy-key`,
|
|
6872
|
+
canonicalName: system.convex.deployKeyEnv,
|
|
6873
|
+
aliases: tenantConvexDeployKeyAliases(system),
|
|
6874
|
+
owner: "tenant",
|
|
6875
|
+
scope: "software_system",
|
|
6876
|
+
sourcePath: system.sharedSourcePath,
|
|
6877
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6878
|
+
required: true,
|
|
6879
|
+
secret: true,
|
|
6880
|
+
public: false,
|
|
6881
|
+
consumers: [
|
|
6882
|
+
"tenant-vercel-app",
|
|
6883
|
+
"tenant-agent-runtime",
|
|
6884
|
+
"mc-operator-tooling"
|
|
6885
|
+
],
|
|
6886
|
+
destinations: [
|
|
6887
|
+
{
|
|
6888
|
+
kind: "vercel",
|
|
6889
|
+
target: system.vercelProjectName,
|
|
6890
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6891
|
+
},
|
|
6892
|
+
{
|
|
6893
|
+
kind: "github_actions",
|
|
6894
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6895
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6896
|
+
writeNames: tenantRepositoryConvexDeployKeyWriteNames(system),
|
|
6897
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6898
|
+
}
|
|
6899
|
+
],
|
|
6900
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex deploy/admin key. Never route to sibling workspaces.`
|
|
6901
|
+
}
|
|
6902
|
+
]);
|
|
5054
6903
|
z.object({
|
|
5055
6904
|
manifestVersion: z.literal("1.0.0"),
|
|
5056
6905
|
rules: z.array(
|
|
@@ -5091,7 +6940,7 @@ var createEvidenceInputSchemaBase = z.object({
|
|
|
5091
6940
|
targetId: z.string().optional(),
|
|
5092
6941
|
targetNodeId: z.string().optional(),
|
|
5093
6942
|
linkedBeliefNodeId: z.string().optional(),
|
|
5094
|
-
evidenceRelation: z.enum(["supports", "contradicts"
|
|
6943
|
+
evidenceRelation: z.enum(["supports", "contradicts"]).optional(),
|
|
5095
6944
|
confidence: z.number().optional(),
|
|
5096
6945
|
weight: z.number().optional(),
|
|
5097
6946
|
reasoning: z.string().optional(),
|
|
@@ -5176,8 +7025,7 @@ var createEvidenceProjection = defineProjection({
|
|
|
5176
7025
|
evidenceRelation: v.optional(
|
|
5177
7026
|
v.union(
|
|
5178
7027
|
v.literal("supports"),
|
|
5179
|
-
v.literal("contradicts")
|
|
5180
|
-
v.literal("neutral")
|
|
7028
|
+
v.literal("contradicts")
|
|
5181
7029
|
)
|
|
5182
7030
|
),
|
|
5183
7031
|
confidence: v.optional(v.number()),
|
|
@@ -5202,7 +7050,7 @@ function compactRecord2(input) {
|
|
|
5202
7050
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
5203
7051
|
);
|
|
5204
7052
|
}
|
|
5205
|
-
|
|
7053
|
+
defineProjection({
|
|
5206
7054
|
contractName: "list_beliefs",
|
|
5207
7055
|
inputSchema: listBeliefsInputSchema,
|
|
5208
7056
|
project: (input) => compactRecord2({
|
|
@@ -5226,12 +7074,17 @@ var listBeliefsProjection = defineProjection({
|
|
|
5226
7074
|
});
|
|
5227
7075
|
var taskStatusSchema = z.enum(["todo", "in_progress", "blocked", "done"]).optional().describe("Filter by task status");
|
|
5228
7076
|
var listTasksInputSchema = z.object({
|
|
5229
|
-
topicId: z.string().describe("Topic scope"),
|
|
7077
|
+
topicId: z.string().optional().describe("Topic scope"),
|
|
5230
7078
|
worktreeId: z.string().optional().describe("Alias for linkedWorktreeId"),
|
|
5231
7079
|
linkedWorktreeId: z.string().optional().describe("Filter to tasks linked to this worktree"),
|
|
5232
7080
|
status: taskStatusSchema,
|
|
5233
7081
|
limit: z.number().optional().describe("Maximum results")
|
|
5234
|
-
})
|
|
7082
|
+
}).refine(
|
|
7083
|
+
(input) => Boolean(input.topicId || input.worktreeId || input.linkedWorktreeId),
|
|
7084
|
+
{
|
|
7085
|
+
message: "topicId or worktreeId is required"
|
|
7086
|
+
}
|
|
7087
|
+
);
|
|
5235
7088
|
function compactRecord3(input) {
|
|
5236
7089
|
return Object.fromEntries(
|
|
5237
7090
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
@@ -5248,7 +7101,7 @@ var listTasksProjection = defineProjection({
|
|
|
5248
7101
|
linkedWorktreeId: input.linkedWorktreeId ?? input.worktreeId
|
|
5249
7102
|
}),
|
|
5250
7103
|
convexArgsValidator: v.object({
|
|
5251
|
-
topicId: v.string(),
|
|
7104
|
+
topicId: v.optional(v.string()),
|
|
5252
7105
|
status: v.optional(
|
|
5253
7106
|
v.union(
|
|
5254
7107
|
v.literal("todo"),
|
|
@@ -6226,19 +8079,23 @@ var FIND_CONTRADICTIONS = {
|
|
|
6226
8079
|
};
|
|
6227
8080
|
var CREATE_EDGE = {
|
|
6228
8081
|
name: "create_edge",
|
|
6229
|
-
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes.
|
|
8082
|
+
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes. Accepts any public epistemic edge type between public graph node refs so agents can author the full spine.",
|
|
6230
8083
|
parameters: {
|
|
6231
|
-
|
|
6232
|
-
type: "
|
|
6233
|
-
description: "Source
|
|
8084
|
+
from: {
|
|
8085
|
+
type: "object",
|
|
8086
|
+
description: "Source graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'topic' }"
|
|
6234
8087
|
},
|
|
6235
|
-
|
|
6236
|
-
type: "
|
|
6237
|
-
description: "Target
|
|
8088
|
+
to: {
|
|
8089
|
+
type: "object",
|
|
8090
|
+
description: "Target graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'belief' }"
|
|
6238
8091
|
},
|
|
6239
8092
|
edgeType: {
|
|
6240
8093
|
type: "string",
|
|
6241
|
-
description: "Relationship type
|
|
8094
|
+
description: "Relationship type from the public epistemic edge enum."
|
|
8095
|
+
},
|
|
8096
|
+
globalId: {
|
|
8097
|
+
type: "string",
|
|
8098
|
+
description: "Optional idempotent edge global ID."
|
|
6242
8099
|
},
|
|
6243
8100
|
weight: {
|
|
6244
8101
|
type: "number",
|
|
@@ -6248,10 +8105,14 @@ var CREATE_EDGE = {
|
|
|
6248
8105
|
reasoningMethod: {
|
|
6249
8106
|
type: "string",
|
|
6250
8107
|
description: "How this was determined",
|
|
6251
|
-
enum: [
|
|
8108
|
+
enum: [...REASONING_METHODS]
|
|
8109
|
+
},
|
|
8110
|
+
metadata: {
|
|
8111
|
+
type: "object",
|
|
8112
|
+
description: "Optional edge metadata."
|
|
6252
8113
|
}
|
|
6253
8114
|
},
|
|
6254
|
-
required: ["
|
|
8115
|
+
required: ["from", "to", "edgeType"],
|
|
6255
8116
|
response: {
|
|
6256
8117
|
description: "The created edge",
|
|
6257
8118
|
fields: {
|
|
@@ -6265,6 +8126,240 @@ var CREATE_EDGE = {
|
|
|
6265
8126
|
ontologyPrimitive: "edge",
|
|
6266
8127
|
tier: "showcase"
|
|
6267
8128
|
};
|
|
8129
|
+
var UPDATE_EDGE = {
|
|
8130
|
+
name: "update_edge",
|
|
8131
|
+
description: "Amend metadata on an existing graph edge. Like `git commit --amend` \u2014 changes the edge annotation without recreating the relationship.",
|
|
8132
|
+
parameters: {
|
|
8133
|
+
edgeId: { type: "string", description: "Edge ID or global ID to update" },
|
|
8134
|
+
weight: { type: "number", description: "Updated edge weight" },
|
|
8135
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8136
|
+
context: { type: "string", description: "Updated human-readable context" },
|
|
8137
|
+
derivationType: { type: "string", description: "Updated derivation type" },
|
|
8138
|
+
metadata: { type: "object", description: "Updated metadata" }
|
|
8139
|
+
},
|
|
8140
|
+
required: ["edgeId"],
|
|
8141
|
+
response: {
|
|
8142
|
+
description: "Edge update result",
|
|
8143
|
+
fields: { success: "boolean" }
|
|
8144
|
+
},
|
|
8145
|
+
ownerModule: "graph-primitives",
|
|
8146
|
+
ontologyPrimitive: "edge",
|
|
8147
|
+
tier: "workhorse"
|
|
8148
|
+
};
|
|
8149
|
+
var REMOVE_EDGE = {
|
|
8150
|
+
name: "remove_edge",
|
|
8151
|
+
description: "Remove one graph edge by ID. Like `git rm` \u2014 deletes a single explicit relationship from the spine.",
|
|
8152
|
+
parameters: {
|
|
8153
|
+
edgeId: { type: "string", description: "Edge ID or global ID to remove" }
|
|
8154
|
+
},
|
|
8155
|
+
required: ["edgeId"],
|
|
8156
|
+
response: {
|
|
8157
|
+
description: "Edge removal result",
|
|
8158
|
+
fields: { success: "boolean" }
|
|
8159
|
+
},
|
|
8160
|
+
ownerModule: "graph-primitives",
|
|
8161
|
+
ontologyPrimitive: "edge",
|
|
8162
|
+
tier: "workhorse"
|
|
8163
|
+
};
|
|
8164
|
+
var REMOVE_EDGES_BETWEEN = {
|
|
8165
|
+
name: "remove_edges_between",
|
|
8166
|
+
description: "Remove graph edges between two nodes. Like `git rm <pathspec>` \u2014 deletes relationships matching a source, target, and optional type.",
|
|
8167
|
+
parameters: {
|
|
8168
|
+
fromNodeId: { type: "string", description: "Source node ID or global ID" },
|
|
8169
|
+
toNodeId: { type: "string", description: "Target node ID or global ID" },
|
|
8170
|
+
edgeType: { type: "string", description: "Optional edge type filter" }
|
|
8171
|
+
},
|
|
8172
|
+
required: ["fromNodeId", "toNodeId"],
|
|
8173
|
+
response: {
|
|
8174
|
+
description: "Matched edge removal result",
|
|
8175
|
+
fields: { deleted: "number" }
|
|
8176
|
+
},
|
|
8177
|
+
ownerModule: "graph-primitives",
|
|
8178
|
+
ontologyPrimitive: "edge",
|
|
8179
|
+
tier: "workhorse"
|
|
8180
|
+
};
|
|
8181
|
+
var BATCH_CREATE_EDGES = {
|
|
8182
|
+
name: "batch_create_edges",
|
|
8183
|
+
description: "Commit multiple typed graph edges. Like `git commit` with many staged paths \u2014 writes a batch of explicit relationships atomically per edge.",
|
|
8184
|
+
parameters: {
|
|
8185
|
+
edges: {
|
|
8186
|
+
type: "array",
|
|
8187
|
+
description: "Edges to create, each with from, to, edgeType, and optional weight/confidence/context."
|
|
8188
|
+
},
|
|
8189
|
+
skipLayerValidation: {
|
|
8190
|
+
type: "boolean",
|
|
8191
|
+
description: "Skip kernel layer validation for trusted materialization flows."
|
|
8192
|
+
}
|
|
8193
|
+
},
|
|
8194
|
+
required: ["edges"],
|
|
8195
|
+
response: {
|
|
8196
|
+
description: "Batch edge creation result",
|
|
8197
|
+
fields: {
|
|
8198
|
+
created: "number",
|
|
8199
|
+
results: "array",
|
|
8200
|
+
errors: "array"
|
|
8201
|
+
}
|
|
8202
|
+
},
|
|
8203
|
+
ownerModule: "graph-primitives",
|
|
8204
|
+
ontologyPrimitive: "edge",
|
|
8205
|
+
tier: "workhorse"
|
|
8206
|
+
};
|
|
8207
|
+
var CREATE_EPISTEMIC_NODE = {
|
|
8208
|
+
name: "create_epistemic_node",
|
|
8209
|
+
description: "Commit a generic epistemic graph node. Like `git commit` \u2014 creates a canonical node in the public spine for topics, beliefs, evidence, questions, answers, sources, and entities.",
|
|
8210
|
+
parameters: {
|
|
8211
|
+
globalId: { type: "string", description: "Optional idempotent node global ID" },
|
|
8212
|
+
nodeType: { type: "string", description: "Public epistemic node type" },
|
|
8213
|
+
canonicalText: { type: "string", description: "Canonical node text" },
|
|
8214
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8215
|
+
contentHash: { type: "string", description: "Optional idempotency content hash" },
|
|
8216
|
+
sourceType: { type: "string", description: "Source type for provenance" },
|
|
8217
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8218
|
+
content: { type: "string", description: "Extended content" },
|
|
8219
|
+
title: { type: "string", description: "Display title" },
|
|
8220
|
+
metadata: { type: "object", description: "Optional node metadata" }
|
|
8221
|
+
},
|
|
8222
|
+
required: ["nodeType"],
|
|
8223
|
+
response: {
|
|
8224
|
+
description: "Created node result",
|
|
8225
|
+
fields: {
|
|
8226
|
+
nodeId: "string",
|
|
8227
|
+
nodeGlobalId: "string",
|
|
8228
|
+
isDuplicate: "boolean"
|
|
8229
|
+
}
|
|
8230
|
+
},
|
|
8231
|
+
ownerModule: "reasoning-kernel",
|
|
8232
|
+
ontologyPrimitive: "graph",
|
|
8233
|
+
tier: "showcase"
|
|
8234
|
+
};
|
|
8235
|
+
var GET_EPISTEMIC_NODE = {
|
|
8236
|
+
name: "get_epistemic_node",
|
|
8237
|
+
description: "Read one epistemic graph node. Like `git show` \u2014 resolves a canonical spine node by ID or global ID.",
|
|
8238
|
+
parameters: {
|
|
8239
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8240
|
+
},
|
|
8241
|
+
required: ["nodeId"],
|
|
8242
|
+
response: {
|
|
8243
|
+
description: "The resolved node",
|
|
8244
|
+
fields: { node: "object" }
|
|
8245
|
+
},
|
|
8246
|
+
ownerModule: "reasoning-kernel",
|
|
8247
|
+
ontologyPrimitive: "graph",
|
|
8248
|
+
tier: "workhorse"
|
|
8249
|
+
};
|
|
8250
|
+
var LIST_EPISTEMIC_NODES = {
|
|
8251
|
+
name: "list_epistemic_nodes",
|
|
8252
|
+
description: "List epistemic graph nodes. Like `git ls-tree` \u2014 lists canonical spine nodes by topic, type, status, or search query.",
|
|
8253
|
+
parameters: {
|
|
8254
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8255
|
+
nodeType: { type: "string", description: "Optional node type filter" },
|
|
8256
|
+
status: { type: "string", description: "Optional lifecycle status" },
|
|
8257
|
+
searchQuery: { type: "string", description: "Optional text search query" },
|
|
8258
|
+
limit: { type: "number", description: "Maximum nodes to return" }
|
|
8259
|
+
},
|
|
8260
|
+
required: [],
|
|
8261
|
+
response: {
|
|
8262
|
+
description: "Matching nodes",
|
|
8263
|
+
fields: { nodes: "array" }
|
|
8264
|
+
},
|
|
8265
|
+
ownerModule: "reasoning-kernel",
|
|
8266
|
+
ontologyPrimitive: "graph",
|
|
8267
|
+
tier: "workhorse"
|
|
8268
|
+
};
|
|
8269
|
+
var UPDATE_EPISTEMIC_NODE = {
|
|
8270
|
+
name: "update_epistemic_node",
|
|
8271
|
+
description: "Amend an epistemic graph node. Like `git commit --amend` \u2014 updates mutable node metadata, text, status, or verification fields.",
|
|
8272
|
+
parameters: {
|
|
8273
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8274
|
+
canonicalText: { type: "string", description: "Updated canonical text" },
|
|
8275
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8276
|
+
contentHash: { type: "string", description: "Updated content hash" },
|
|
8277
|
+
content: { type: "string", description: "Updated content" },
|
|
8278
|
+
title: { type: "string", description: "Updated display title" },
|
|
8279
|
+
metadata: { type: "object", description: "Updated metadata" },
|
|
8280
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8281
|
+
verificationStatus: { type: "string", description: "Updated verification status" },
|
|
8282
|
+
status: { type: "string", description: "Updated lifecycle status" }
|
|
8283
|
+
},
|
|
8284
|
+
required: ["nodeId"],
|
|
8285
|
+
response: {
|
|
8286
|
+
description: "Node update result",
|
|
8287
|
+
fields: { success: "boolean" }
|
|
8288
|
+
},
|
|
8289
|
+
ownerModule: "reasoning-kernel",
|
|
8290
|
+
ontologyPrimitive: "graph",
|
|
8291
|
+
tier: "workhorse"
|
|
8292
|
+
};
|
|
8293
|
+
var ARCHIVE_EPISTEMIC_NODE = {
|
|
8294
|
+
name: "archive_epistemic_node",
|
|
8295
|
+
description: "Archive an epistemic graph node. Like `git rm --cached` \u2014 removes a node from active traversal without hard-deleting it.",
|
|
8296
|
+
parameters: {
|
|
8297
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8298
|
+
},
|
|
8299
|
+
required: ["nodeId"],
|
|
8300
|
+
response: {
|
|
8301
|
+
description: "Archive result",
|
|
8302
|
+
fields: { success: "boolean", effectiveStatus: "string" }
|
|
8303
|
+
},
|
|
8304
|
+
ownerModule: "reasoning-kernel",
|
|
8305
|
+
ontologyPrimitive: "graph",
|
|
8306
|
+
tier: "workhorse"
|
|
8307
|
+
};
|
|
8308
|
+
var VERIFY_EPISTEMIC_NODE = {
|
|
8309
|
+
name: "verify_epistemic_node",
|
|
8310
|
+
description: "Record verification state on an epistemic graph node. Like `git tag` \u2014 marks the node with a reviewed verification state.",
|
|
8311
|
+
parameters: {
|
|
8312
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8313
|
+
verificationStatus: { type: "string", description: "Verification status" },
|
|
8314
|
+
confidence: { type: "number", description: "Optional confidence update" }
|
|
8315
|
+
},
|
|
8316
|
+
required: ["nodeId", "verificationStatus"],
|
|
8317
|
+
response: {
|
|
8318
|
+
description: "Verification result",
|
|
8319
|
+
fields: { success: "boolean" }
|
|
8320
|
+
},
|
|
8321
|
+
ownerModule: "reasoning-kernel",
|
|
8322
|
+
ontologyPrimitive: "graph",
|
|
8323
|
+
tier: "workhorse"
|
|
8324
|
+
};
|
|
8325
|
+
var SUPERSEDE_EPISTEMIC_NODE = {
|
|
8326
|
+
name: "supersede_epistemic_node",
|
|
8327
|
+
description: "Supersede an epistemic graph node with a new version. Like `git commit --amend` on an immutable history branch \u2014 creates the replacement and marks the old node superseded.",
|
|
8328
|
+
parameters: {
|
|
8329
|
+
oldNodeId: { type: "string", description: "Node ID or global ID to supersede" },
|
|
8330
|
+
newGlobalId: { type: "string", description: "Optional replacement global ID" },
|
|
8331
|
+
newCanonicalText: { type: "string", description: "Replacement canonical text" },
|
|
8332
|
+
text: { type: "string", description: "Alias for newCanonicalText" },
|
|
8333
|
+
newContentHash: { type: "string", description: "Optional replacement content hash" },
|
|
8334
|
+
reason: { type: "string", description: "Reason for superseding" }
|
|
8335
|
+
},
|
|
8336
|
+
required: ["oldNodeId"],
|
|
8337
|
+
response: {
|
|
8338
|
+
description: "Supersede result",
|
|
8339
|
+
fields: { oldNodeId: "string", newNodeId: "string" }
|
|
8340
|
+
},
|
|
8341
|
+
ownerModule: "reasoning-kernel",
|
|
8342
|
+
ontologyPrimitive: "graph",
|
|
8343
|
+
tier: "workhorse"
|
|
8344
|
+
};
|
|
8345
|
+
var BATCH_CREATE_EPISTEMIC_NODES = {
|
|
8346
|
+
name: "batch_create_epistemic_nodes",
|
|
8347
|
+
description: "Commit multiple epistemic graph nodes. Like `git commit` with many staged files \u2014 writes a batch of canonical spine nodes.",
|
|
8348
|
+
parameters: {
|
|
8349
|
+
nodes: {
|
|
8350
|
+
type: "array",
|
|
8351
|
+
description: "Nodes to create with nodeType, canonicalText/text, and optional metadata."
|
|
8352
|
+
}
|
|
8353
|
+
},
|
|
8354
|
+
required: ["nodes"],
|
|
8355
|
+
response: {
|
|
8356
|
+
description: "Batch node creation result",
|
|
8357
|
+
fields: { created: "number", results: "array" }
|
|
8358
|
+
},
|
|
8359
|
+
ownerModule: "reasoning-kernel",
|
|
8360
|
+
ontologyPrimitive: "graph",
|
|
8361
|
+
tier: "workhorse"
|
|
8362
|
+
};
|
|
6268
8363
|
var RECORD_JUDGMENT = {
|
|
6269
8364
|
name: "record_judgment",
|
|
6270
8365
|
description: "Record a judgment \u2014 an irreversible commitment based on the current epistemic state. Like a `git tag` marking a release. A judgment synthesizes beliefs, evidence, and uncertainties into a determination. Once issued, a judgment is evaluated against the epistemic state that existed when it was made (knowledge horizon evaluation, Invariant #10).",
|
|
@@ -7464,8 +9559,8 @@ var IDENTITY_WHOAMI = {
|
|
|
7464
9559
|
response: {
|
|
7465
9560
|
description: "Canonical identity summary for the current session",
|
|
7466
9561
|
fields: {
|
|
7467
|
-
principalId: "string \u2014 canonical
|
|
7468
|
-
principalType: "string \u2014 human, service, or
|
|
9562
|
+
principalId: "string \u2014 canonical principal identifier; for humans this is the Clerk user_... ID",
|
|
9563
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
7469
9564
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
7470
9565
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
7471
9566
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -7476,6 +9571,49 @@ var IDENTITY_WHOAMI = {
|
|
|
7476
9571
|
ontologyPrimitive: "identity",
|
|
7477
9572
|
tier: "workhorse"
|
|
7478
9573
|
};
|
|
9574
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
9575
|
+
name: "resolve_interactive_principal",
|
|
9576
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the Clerk subject into tenant/workspace authorization context.",
|
|
9577
|
+
parameters: {
|
|
9578
|
+
clerkId: {
|
|
9579
|
+
type: "string",
|
|
9580
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
9581
|
+
},
|
|
9582
|
+
tenantId: {
|
|
9583
|
+
type: "string",
|
|
9584
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
9585
|
+
},
|
|
9586
|
+
workspaceId: {
|
|
9587
|
+
type: "string",
|
|
9588
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
9589
|
+
},
|
|
9590
|
+
providerProjectId: {
|
|
9591
|
+
type: "string",
|
|
9592
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
9593
|
+
}
|
|
9594
|
+
},
|
|
9595
|
+
required: ["clerkId"],
|
|
9596
|
+
response: {
|
|
9597
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
9598
|
+
fields: {
|
|
9599
|
+
principalId: "string \u2014 canonical Clerk user_... ID for human sessions",
|
|
9600
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9601
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
9602
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
9603
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
9604
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
9605
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
9606
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
9607
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
9608
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
9609
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
9610
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
9611
|
+
}
|
|
9612
|
+
},
|
|
9613
|
+
ownerModule: "control-plane",
|
|
9614
|
+
ontologyPrimitive: "identity",
|
|
9615
|
+
tier: "workhorse"
|
|
9616
|
+
};
|
|
7479
9617
|
var COMPILE_CONTEXT = {
|
|
7480
9618
|
name: "compile_context",
|
|
7481
9619
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -7737,6 +9875,10 @@ var CREATE_TASK = {
|
|
|
7737
9875
|
tags: {
|
|
7738
9876
|
type: "array",
|
|
7739
9877
|
description: "Free-form string tags"
|
|
9878
|
+
},
|
|
9879
|
+
metadata: {
|
|
9880
|
+
type: "object",
|
|
9881
|
+
description: "Structured task metadata for handoff context and routing hints"
|
|
7740
9882
|
}
|
|
7741
9883
|
},
|
|
7742
9884
|
required: ["title"],
|
|
@@ -7810,6 +9952,10 @@ var UPDATE_TASK = {
|
|
|
7810
9952
|
type: "string",
|
|
7811
9953
|
description: "Updated status",
|
|
7812
9954
|
enum: ["todo", "in_progress", "blocked", "done"]
|
|
9955
|
+
},
|
|
9956
|
+
metadata: {
|
|
9957
|
+
type: "object",
|
|
9958
|
+
description: "Structured task metadata to replace or refine"
|
|
7813
9959
|
}
|
|
7814
9960
|
},
|
|
7815
9961
|
required: ["taskId"],
|
|
@@ -7857,6 +10003,10 @@ var CREATE_TOPIC = {
|
|
|
7857
10003
|
name: "create_topic",
|
|
7858
10004
|
description: "Create a new topic container for scoping knowledge. Like `git init` \u2014 initializes a new repository for a knowledge domain. Topics are hierarchical: a deal topic can nest under a theme topic. Types: domain, theme, deal, strategy, constitution, project, portfolio.",
|
|
7859
10005
|
parameters: {
|
|
10006
|
+
globalId: {
|
|
10007
|
+
type: "string",
|
|
10008
|
+
description: "Optional idempotent topic global ID"
|
|
10009
|
+
},
|
|
7860
10010
|
name: { type: "string", description: "Topic name" },
|
|
7861
10011
|
type: {
|
|
7862
10012
|
type: "string",
|
|
@@ -7867,6 +10017,18 @@ var CREATE_TOPIC = {
|
|
|
7867
10017
|
type: "string",
|
|
7868
10018
|
description: "Optional parent topic for nesting"
|
|
7869
10019
|
},
|
|
10020
|
+
parentTopicGlobalId: {
|
|
10021
|
+
type: "string",
|
|
10022
|
+
description: "Optional parent topic global ID for nesting"
|
|
10023
|
+
},
|
|
10024
|
+
tenantId: { type: "string", description: "Optional tenant scope" },
|
|
10025
|
+
workspaceId: { type: "string", description: "Optional workspace scope" },
|
|
10026
|
+
visibility: {
|
|
10027
|
+
type: "string",
|
|
10028
|
+
description: "Topic visibility",
|
|
10029
|
+
enum: ["private", "team", "firm", "external", "public"]
|
|
10030
|
+
},
|
|
10031
|
+
metadata: { type: "object", description: "Optional topic metadata" },
|
|
7870
10032
|
createdBy: { type: "string", description: "Who created this topic" }
|
|
7871
10033
|
},
|
|
7872
10034
|
required: ["name", "type"],
|
|
@@ -7875,6 +10037,9 @@ var CREATE_TOPIC = {
|
|
|
7875
10037
|
fields: {
|
|
7876
10038
|
id: "string \u2014 topic ID",
|
|
7877
10039
|
globalId: "string \u2014 globally unique ID",
|
|
10040
|
+
topicGlobalId: "string \u2014 topic global ID",
|
|
10041
|
+
epistemicNodeId: "string \u2014 materialized topic node ID",
|
|
10042
|
+
epistemicNodeGlobalId: "string \u2014 materialized topic node global ID",
|
|
7878
10043
|
depth: "number \u2014 nesting depth"
|
|
7879
10044
|
}
|
|
7880
10045
|
},
|
|
@@ -8005,6 +10170,65 @@ var GET_TOPIC_TREE = {
|
|
|
8005
10170
|
ontologyPrimitive: "graph",
|
|
8006
10171
|
tier: "workhorse"
|
|
8007
10172
|
};
|
|
10173
|
+
var MATERIALIZE_TOPIC_GRAPH = {
|
|
10174
|
+
name: "materialize_topic_graph",
|
|
10175
|
+
description: "Backfill the topic graph spine. Like `git fsck --connectivity-only` with repair enabled \u2014 creates missing topic nodes and parent-child edges idempotently.",
|
|
10176
|
+
parameters: {
|
|
10177
|
+
rootTopicId: {
|
|
10178
|
+
type: "string",
|
|
10179
|
+
description: "Optional root topic for a bounded materialization pass"
|
|
10180
|
+
},
|
|
10181
|
+
dryRun: {
|
|
10182
|
+
type: "boolean",
|
|
10183
|
+
description: "When true, report missing rows without writing them"
|
|
10184
|
+
}
|
|
10185
|
+
},
|
|
10186
|
+
required: [],
|
|
10187
|
+
response: {
|
|
10188
|
+
description: "Topic graph materialization counts",
|
|
10189
|
+
fields: {
|
|
10190
|
+
topicsSeen: "number",
|
|
10191
|
+
nodesCreated: "number",
|
|
10192
|
+
nodesExisting: "number",
|
|
10193
|
+
edgesCreated: "number",
|
|
10194
|
+
edgesExisting: "number",
|
|
10195
|
+
errors: "array"
|
|
10196
|
+
}
|
|
10197
|
+
},
|
|
10198
|
+
ownerModule: "reasoning-kernel",
|
|
10199
|
+
ontologyPrimitive: "graph",
|
|
10200
|
+
tier: "workhorse"
|
|
10201
|
+
};
|
|
10202
|
+
var GET_TOPIC_GRAPH_SPINE = {
|
|
10203
|
+
name: "get_topic_graph_spine",
|
|
10204
|
+
description: "Verify the topic graph spine. Like `git fsck` \u2014 reads topics, materialized topic nodes, parent-child edges, and missing spine rows.",
|
|
10205
|
+
parameters: {
|
|
10206
|
+
rootTopicId: {
|
|
10207
|
+
type: "string",
|
|
10208
|
+
description: "Optional root topic for a bounded verifier pass"
|
|
10209
|
+
},
|
|
10210
|
+
includeTopicBeliefEdges: {
|
|
10211
|
+
type: "boolean",
|
|
10212
|
+
description: "Include topic -> belief edges in the verifier payload"
|
|
10213
|
+
}
|
|
10214
|
+
},
|
|
10215
|
+
required: [],
|
|
10216
|
+
response: {
|
|
10217
|
+
description: "Topic graph spine verification payload",
|
|
10218
|
+
fields: {
|
|
10219
|
+
ok: "boolean",
|
|
10220
|
+
counts: "object",
|
|
10221
|
+
topics: "array",
|
|
10222
|
+
topicNodes: "array",
|
|
10223
|
+
parentEdges: "array",
|
|
10224
|
+
missingTopicNodes: "array",
|
|
10225
|
+
missingParentEdges: "array"
|
|
10226
|
+
}
|
|
10227
|
+
},
|
|
10228
|
+
ownerModule: "reasoning-kernel",
|
|
10229
|
+
ontologyPrimitive: "graph",
|
|
10230
|
+
tier: "workhorse"
|
|
10231
|
+
};
|
|
8008
10232
|
var GET_CODE_CONTEXT = {
|
|
8009
10233
|
name: "get_code_context",
|
|
8010
10234
|
description: "Returns code-grounded beliefs, contracts, migration states, and failed attempts anchored to a specific file or function path. Like `git log -- <path>` \u2014 filters the knowledge graph to nodes anchored to a file path via metadata.codeAnchors. Results are separated by coding belief type: decisions, contracts, migrations, patterns, deprecations, and failures.",
|
|
@@ -8200,7 +10424,7 @@ var MANAGE_WRITE_POLICY = {
|
|
|
8200
10424
|
},
|
|
8201
10425
|
role: {
|
|
8202
10426
|
type: "string",
|
|
8203
|
-
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal'
|
|
10427
|
+
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal' or a Permit role key such as 'workspace_admin'."
|
|
8204
10428
|
},
|
|
8205
10429
|
permission: {
|
|
8206
10430
|
type: "string",
|
|
@@ -9187,6 +11411,9 @@ var BEGIN_BUILD_SESSION = {
|
|
|
9187
11411
|
sessionMode: "string \u2014 async | interactive",
|
|
9188
11412
|
targetBeliefIds: "array \u2014 scoped belief IDs",
|
|
9189
11413
|
targetQuestionIds: "array \u2014 scoped question IDs",
|
|
11414
|
+
taskIds: "array \u2014 assigned task IDs for this worktree",
|
|
11415
|
+
incompleteTaskIds: "array \u2014 assigned task IDs that still require done/deferred/blocked proof",
|
|
11416
|
+
tasks: "array \u2014 assigned task packet with id, title, status, priority, links, and summaries",
|
|
9190
11417
|
topBeliefs: "array \u2014 highest-confidence scoped beliefs",
|
|
9191
11418
|
openQuestions: "array \u2014 open scoped questions",
|
|
9192
11419
|
resolvedDecisions: "array \u2014 answered questions summarized for the session",
|
|
@@ -9242,6 +11469,19 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9242
11469
|
bisect_confidence: BISECT_CONFIDENCE,
|
|
9243
11470
|
// Edges (commit)
|
|
9244
11471
|
create_edge: CREATE_EDGE,
|
|
11472
|
+
update_edge: UPDATE_EDGE,
|
|
11473
|
+
remove_edge: REMOVE_EDGE,
|
|
11474
|
+
remove_edges_between: REMOVE_EDGES_BETWEEN,
|
|
11475
|
+
batch_create_edges: BATCH_CREATE_EDGES,
|
|
11476
|
+
// Epistemic node spine (commit/amend/show)
|
|
11477
|
+
create_epistemic_node: CREATE_EPISTEMIC_NODE,
|
|
11478
|
+
get_epistemic_node: GET_EPISTEMIC_NODE,
|
|
11479
|
+
list_epistemic_nodes: LIST_EPISTEMIC_NODES,
|
|
11480
|
+
update_epistemic_node: UPDATE_EPISTEMIC_NODE,
|
|
11481
|
+
archive_epistemic_node: ARCHIVE_EPISTEMIC_NODE,
|
|
11482
|
+
verify_epistemic_node: VERIFY_EPISTEMIC_NODE,
|
|
11483
|
+
supersede_epistemic_node: SUPERSEDE_EPISTEMIC_NODE,
|
|
11484
|
+
batch_create_epistemic_nodes: BATCH_CREATE_EPISTEMIC_NODES,
|
|
9245
11485
|
// Judgments (tag)
|
|
9246
11486
|
record_judgment: RECORD_JUDGMENT,
|
|
9247
11487
|
// Graph intelligence (showcase)
|
|
@@ -9276,6 +11516,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9276
11516
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
9277
11517
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
9278
11518
|
identity_whoami: IDENTITY_WHOAMI,
|
|
11519
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
9279
11520
|
compile_context: COMPILE_CONTEXT,
|
|
9280
11521
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
9281
11522
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -9315,6 +11556,8 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9315
11556
|
get_topic: GET_TOPIC,
|
|
9316
11557
|
update_topic: UPDATE_TOPIC,
|
|
9317
11558
|
get_topic_tree: GET_TOPIC_TREE,
|
|
11559
|
+
materialize_topic_graph: MATERIALIZE_TOPIC_GRAPH,
|
|
11560
|
+
get_topic_graph_spine: GET_TOPIC_GRAPH_SPINE,
|
|
9318
11561
|
// Coding intelligence (code-grounded knowledge)
|
|
9319
11562
|
get_code_context: GET_CODE_CONTEXT,
|
|
9320
11563
|
get_change_history: GET_CHANGE_HISTORY,
|
|
@@ -9391,6 +11634,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
|
|
|
9391
11634
|
var MCP_CORE_OPERATION_NAMES = [
|
|
9392
11635
|
"compile_context",
|
|
9393
11636
|
"identity_whoami",
|
|
11637
|
+
"resolve_interactive_principal",
|
|
9394
11638
|
"check_permission",
|
|
9395
11639
|
"filter_by_permission",
|
|
9396
11640
|
"create_belief",
|
|
@@ -9419,14 +11663,28 @@ var MCP_CORE_OPERATION_NAMES = [
|
|
|
9419
11663
|
"find_missing_questions",
|
|
9420
11664
|
"get_high_priority_questions",
|
|
9421
11665
|
"get_falsification_questions",
|
|
11666
|
+
"create_epistemic_node",
|
|
11667
|
+
"get_epistemic_node",
|
|
11668
|
+
"list_epistemic_nodes",
|
|
11669
|
+
"update_epistemic_node",
|
|
11670
|
+
"archive_epistemic_node",
|
|
11671
|
+
"verify_epistemic_node",
|
|
11672
|
+
"supersede_epistemic_node",
|
|
11673
|
+
"batch_create_epistemic_nodes",
|
|
9422
11674
|
"create_topic",
|
|
9423
11675
|
"get_topic",
|
|
9424
11676
|
"list_topics",
|
|
9425
11677
|
"update_topic",
|
|
9426
|
-
"get_topic_tree"
|
|
11678
|
+
"get_topic_tree",
|
|
11679
|
+
"materialize_topic_graph",
|
|
11680
|
+
"get_topic_graph_spine"
|
|
9427
11681
|
];
|
|
9428
11682
|
var MCP_ANALYSIS_PLATFORM_OPERATION_NAMES = [
|
|
9429
11683
|
"create_edge",
|
|
11684
|
+
"update_edge",
|
|
11685
|
+
"remove_edge",
|
|
11686
|
+
"remove_edges_between",
|
|
11687
|
+
"batch_create_edges",
|
|
9430
11688
|
"query_lineage",
|
|
9431
11689
|
"traverse_graph",
|
|
9432
11690
|
"get_graph_neighborhood",
|
|
@@ -9758,12 +12016,20 @@ function unwrapMcpParameterSchema(schema) {
|
|
|
9758
12016
|
current = current._def.schema;
|
|
9759
12017
|
continue;
|
|
9760
12018
|
default:
|
|
9761
|
-
return {
|
|
12019
|
+
return {
|
|
12020
|
+
schema: current,
|
|
12021
|
+
required,
|
|
12022
|
+
description: description ?? current.description
|
|
12023
|
+
};
|
|
9762
12024
|
}
|
|
9763
12025
|
}
|
|
9764
12026
|
}
|
|
9765
12027
|
function mcpParameterFromZod(fieldName, schema, contractName) {
|
|
9766
|
-
const {
|
|
12028
|
+
const {
|
|
12029
|
+
schema: unwrapped,
|
|
12030
|
+
required,
|
|
12031
|
+
description: schemaDescription
|
|
12032
|
+
} = unwrapMcpParameterSchema(schema);
|
|
9767
12033
|
const description = schemaDescription ?? unwrapped.description ?? fieldName;
|
|
9768
12034
|
switch (unwrapped._def.typeName) {
|
|
9769
12035
|
case z.ZodFirstPartyTypeKind.ZodString:
|
|
@@ -9808,10 +12074,12 @@ function mcpContractFromArgsSchema(base, args, contractName) {
|
|
|
9808
12074
|
const entries2 = Object.entries(getObjectShape(args)).sort(
|
|
9809
12075
|
([left], [right]) => left.localeCompare(right)
|
|
9810
12076
|
);
|
|
9811
|
-
const converted = entries2.map(
|
|
9812
|
-
fieldName,
|
|
9813
|
-
|
|
9814
|
-
|
|
12077
|
+
const converted = entries2.map(
|
|
12078
|
+
([fieldName, schema]) => [
|
|
12079
|
+
fieldName,
|
|
12080
|
+
mcpParameterFromZod(fieldName, schema, contractName)
|
|
12081
|
+
]
|
|
12082
|
+
);
|
|
9815
12083
|
return {
|
|
9816
12084
|
...base,
|
|
9817
12085
|
parameters: Object.fromEntries(
|
|
@@ -9920,9 +12188,16 @@ function surfaceContract(args) {
|
|
|
9920
12188
|
scopes: args.scopes ?? [
|
|
9921
12189
|
args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
|
|
9922
12190
|
],
|
|
9923
|
-
allowedPrincipalTypes: [
|
|
12191
|
+
allowedPrincipalTypes: [
|
|
12192
|
+
"user",
|
|
12193
|
+
"service",
|
|
12194
|
+
"agent",
|
|
12195
|
+
"group",
|
|
12196
|
+
"external_viewer"
|
|
12197
|
+
]
|
|
9924
12198
|
},
|
|
9925
12199
|
convex: args.convex,
|
|
12200
|
+
gateway: args.gateway,
|
|
9926
12201
|
args: canonicalArgs,
|
|
9927
12202
|
returns: canonicalReturns,
|
|
9928
12203
|
input,
|
|
@@ -10061,8 +12336,6 @@ var contextContracts = [
|
|
|
10061
12336
|
args: observationContextArgs
|
|
10062
12337
|
})
|
|
10063
12338
|
];
|
|
10064
|
-
|
|
10065
|
-
// ../contracts/src/function-registry/identity.ts
|
|
10066
12339
|
var withPrincipal = (input, context) => ({
|
|
10067
12340
|
...input,
|
|
10068
12341
|
tenantId: input.tenantId ?? context.tenantId,
|
|
@@ -10081,11 +12354,30 @@ var identityContracts = [
|
|
|
10081
12354
|
sdkNamespace: "identity",
|
|
10082
12355
|
sdkMethod: "whoami",
|
|
10083
12356
|
summary: "Describe the current gateway principal.",
|
|
12357
|
+
gateway: {
|
|
12358
|
+
handler: "identity.whoami"
|
|
12359
|
+
}
|
|
12360
|
+
}),
|
|
12361
|
+
surfaceContract({
|
|
12362
|
+
name: "resolve_interactive_principal",
|
|
12363
|
+
kind: "query",
|
|
12364
|
+
domain: "controlPlane",
|
|
12365
|
+
surfaceClass: "platform_public",
|
|
12366
|
+
method: "POST",
|
|
12367
|
+
path: "/control-plane/identity/resolve-interactive-principal",
|
|
12368
|
+
sdkNamespace: "controlPlane.identity",
|
|
12369
|
+
sdkMethod: "resolveInteractivePrincipal",
|
|
12370
|
+
summary: "Resolve an authenticated Clerk user into a Permit-backed Lucern principal context.",
|
|
12371
|
+
args: z.object({
|
|
12372
|
+
clerkId: z.string().min(1),
|
|
12373
|
+
tenantId: z.string().min(1).optional(),
|
|
12374
|
+
workspaceId: z.string().min(1).optional(),
|
|
12375
|
+
providerProjectId: z.string().min(1).optional()
|
|
12376
|
+
}),
|
|
10084
12377
|
convex: {
|
|
10085
|
-
module: "
|
|
10086
|
-
functionName: "
|
|
10087
|
-
kind: "query"
|
|
10088
|
-
inputProjection: withPrincipal
|
|
12378
|
+
module: "platform",
|
|
12379
|
+
functionName: "resolveInteractivePrincipal",
|
|
12380
|
+
kind: "query"
|
|
10089
12381
|
}
|
|
10090
12382
|
}),
|
|
10091
12383
|
surfaceContract({
|
|
@@ -10167,15 +12459,6 @@ var beliefLookupInput = (input) => compactRecord4({
|
|
|
10167
12459
|
var beliefNodeInput = (input) => compactRecord4({
|
|
10168
12460
|
nodeId: input.nodeId ?? input.id ?? input.beliefId
|
|
10169
12461
|
});
|
|
10170
|
-
var beliefTopicInput = (input) => {
|
|
10171
|
-
const parsed = listBeliefsProjection.inputSchema.safeParse(input);
|
|
10172
|
-
if (!parsed.success) {
|
|
10173
|
-
throw new Error(
|
|
10174
|
-
`list_beliefs projection input rejected: ${parsed.error.message}`
|
|
10175
|
-
);
|
|
10176
|
-
}
|
|
10177
|
-
return compactRecord4(listBeliefsProjection.project(parsed.data));
|
|
10178
|
-
};
|
|
10179
12462
|
var createBeliefInput = (input, context) => {
|
|
10180
12463
|
return withUserId(
|
|
10181
12464
|
compactRecord4({
|
|
@@ -10264,11 +12547,8 @@ var beliefsContracts = [
|
|
|
10264
12547
|
sdkNamespace: "beliefs",
|
|
10265
12548
|
sdkMethod: "listBeliefs",
|
|
10266
12549
|
summary: "List beliefs for a topic.",
|
|
10267
|
-
|
|
10268
|
-
|
|
10269
|
-
functionName: "getByTopic",
|
|
10270
|
-
kind: "query",
|
|
10271
|
-
inputProjection: beliefTopicInput
|
|
12550
|
+
gateway: {
|
|
12551
|
+
handler: "beliefs.list"
|
|
10272
12552
|
},
|
|
10273
12553
|
args: listBeliefsInputSchema
|
|
10274
12554
|
}),
|
|
@@ -10409,7 +12689,7 @@ var beliefsContracts = [
|
|
|
10409
12689
|
})
|
|
10410
12690
|
];
|
|
10411
12691
|
var jsonRecordSchema4 = z.record(z.unknown());
|
|
10412
|
-
var evidenceRelationSchema = z.enum(["supports", "contradicts"
|
|
12692
|
+
var evidenceRelationSchema = z.enum(["supports", "contradicts"]);
|
|
10413
12693
|
var createEvidenceArgs = z.object({
|
|
10414
12694
|
topicId: z.string().optional().describe("Topic scope for the evidence."),
|
|
10415
12695
|
text: z.string().describe("Canonical evidence text."),
|
|
@@ -10453,12 +12733,6 @@ var evidenceIdInput = (input) => compactRecord4({
|
|
|
10453
12733
|
insightId: input.insightId,
|
|
10454
12734
|
nodeId: input.nodeId ?? input.id ?? input.evidenceId
|
|
10455
12735
|
});
|
|
10456
|
-
var evidenceTopicInput = (input) => compactRecord4({
|
|
10457
|
-
topicId: input.topicId,
|
|
10458
|
-
status: input.status,
|
|
10459
|
-
userId: input.userId,
|
|
10460
|
-
limit: input.limit
|
|
10461
|
-
});
|
|
10462
12736
|
var createEvidenceInput = (input, context) => {
|
|
10463
12737
|
const parsed = createEvidenceProjection.inputSchema.safeParse(input);
|
|
10464
12738
|
if (!parsed.success) {
|
|
@@ -10589,11 +12863,8 @@ var evidenceContracts = [
|
|
|
10589
12863
|
sdkNamespace: "evidence",
|
|
10590
12864
|
sdkMethod: "listEvidence",
|
|
10591
12865
|
summary: "List evidence for a topic.",
|
|
10592
|
-
|
|
10593
|
-
|
|
10594
|
-
functionName: "getByTopic",
|
|
10595
|
-
kind: "query",
|
|
10596
|
-
inputProjection: evidenceTopicInput
|
|
12866
|
+
gateway: {
|
|
12867
|
+
handler: "evidence.list"
|
|
10597
12868
|
}
|
|
10598
12869
|
}),
|
|
10599
12870
|
surfaceContract({
|
|
@@ -10828,11 +13099,8 @@ var questionsContracts = [
|
|
|
10828
13099
|
sdkNamespace: "questions",
|
|
10829
13100
|
sdkMethod: "listQuestions",
|
|
10830
13101
|
summary: "List questions for a topic.",
|
|
10831
|
-
|
|
10832
|
-
|
|
10833
|
-
functionName: "getByTopic",
|
|
10834
|
-
kind: "query",
|
|
10835
|
-
inputProjection: questionTopicInput
|
|
13102
|
+
gateway: {
|
|
13103
|
+
handler: "questions.list"
|
|
10836
13104
|
}
|
|
10837
13105
|
}),
|
|
10838
13106
|
surfaceContract({
|
|
@@ -11035,18 +13303,50 @@ var questionsContracts = [
|
|
|
11035
13303
|
args: falsificationQuestionsArgs
|
|
11036
13304
|
})
|
|
11037
13305
|
];
|
|
13306
|
+
var topicVisibilitySchema = z.enum([
|
|
13307
|
+
"private",
|
|
13308
|
+
"team",
|
|
13309
|
+
"firm",
|
|
13310
|
+
"external",
|
|
13311
|
+
"public"
|
|
13312
|
+
]);
|
|
13313
|
+
var topicStatusSchema = z.enum(["active", "archived", "watching"]);
|
|
13314
|
+
var createTopicArgs = z.object({
|
|
13315
|
+
globalId: z.string().optional().describe("Optional idempotent topic global ID."),
|
|
13316
|
+
name: z.string().describe("Topic name."),
|
|
13317
|
+
description: z.string().optional().describe("Topic description."),
|
|
13318
|
+
type: z.string().describe("Topic type."),
|
|
13319
|
+
parentTopicId: z.string().optional().describe("Optional parent topic ID."),
|
|
13320
|
+
parentTopicGlobalId: z.string().optional().describe("Optional parent topic global ID."),
|
|
13321
|
+
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
13322
|
+
tenantId: z.string().optional().describe("Optional tenant scope."),
|
|
13323
|
+
workspaceId: z.string().optional().describe("Optional workspace scope."),
|
|
13324
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
13325
|
+
metadata: z.record(z.unknown()).optional().describe("Topic metadata."),
|
|
13326
|
+
graphScopeProjectId: z.string().optional(),
|
|
13327
|
+
createdBy: z.string().optional()
|
|
13328
|
+
});
|
|
11038
13329
|
var updateTopicArgs = z.object({
|
|
11039
13330
|
id: z.string().describe("Topic ID."),
|
|
11040
13331
|
topicId: z.string().optional().describe("Topic ID alias."),
|
|
11041
13332
|
name: z.string().optional().describe("Topic name."),
|
|
11042
13333
|
description: z.string().optional().describe("Topic description."),
|
|
11043
13334
|
type: z.string().optional().describe("Topic type."),
|
|
11044
|
-
status:
|
|
11045
|
-
visibility:
|
|
13335
|
+
status: topicStatusSchema.optional().describe("Topic status."),
|
|
13336
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
11046
13337
|
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
11047
13338
|
clearOntologyId: z.boolean().optional().describe("Whether to clear the ontology binding."),
|
|
11048
13339
|
metadata: z.record(z.unknown()).optional().describe("Topic metadata.")
|
|
11049
13340
|
});
|
|
13341
|
+
var materializeTopicGraphArgs = z.object({
|
|
13342
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13343
|
+
dryRun: z.boolean().optional().describe("Report missing rows without writing."),
|
|
13344
|
+
createdBy: z.string().optional()
|
|
13345
|
+
});
|
|
13346
|
+
var getTopicGraphSpineArgs = z.object({
|
|
13347
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13348
|
+
includeTopicBeliefEdges: z.boolean().optional()
|
|
13349
|
+
});
|
|
11050
13350
|
var topicIdInput = (input) => compactRecord4({
|
|
11051
13351
|
id: input.id ?? input.topicId
|
|
11052
13352
|
});
|
|
@@ -11064,87 +13364,488 @@ var updateTopicInput = (input) => compactRecord4({
|
|
|
11064
13364
|
});
|
|
11065
13365
|
var topicsContracts = [
|
|
11066
13366
|
surfaceContract({
|
|
11067
|
-
name: "create_topic",
|
|
13367
|
+
name: "create_topic",
|
|
13368
|
+
kind: "mutation",
|
|
13369
|
+
domain: "topics",
|
|
13370
|
+
surfaceClass: "platform_public",
|
|
13371
|
+
path: "/topics",
|
|
13372
|
+
sdkNamespace: "topics",
|
|
13373
|
+
sdkMethod: "createTopic",
|
|
13374
|
+
summary: "Create a topic.",
|
|
13375
|
+
convex: {
|
|
13376
|
+
module: "topics",
|
|
13377
|
+
functionName: "create",
|
|
13378
|
+
kind: "mutation",
|
|
13379
|
+
inputProjection: withCreatedBy
|
|
13380
|
+
},
|
|
13381
|
+
args: createTopicArgs
|
|
13382
|
+
}),
|
|
13383
|
+
surfaceContract({
|
|
13384
|
+
name: "get_topic",
|
|
13385
|
+
kind: "query",
|
|
13386
|
+
domain: "topics",
|
|
13387
|
+
surfaceClass: "platform_public",
|
|
13388
|
+
method: "GET",
|
|
13389
|
+
path: "/topics/get",
|
|
13390
|
+
sdkNamespace: "topics",
|
|
13391
|
+
sdkMethod: "getTopic",
|
|
13392
|
+
summary: "Get a topic.",
|
|
13393
|
+
convex: {
|
|
13394
|
+
module: "topics",
|
|
13395
|
+
functionName: "get",
|
|
13396
|
+
kind: "query",
|
|
13397
|
+
inputProjection: topicIdInput
|
|
13398
|
+
}
|
|
13399
|
+
}),
|
|
13400
|
+
surfaceContract({
|
|
13401
|
+
name: "list_topics",
|
|
13402
|
+
kind: "query",
|
|
13403
|
+
domain: "topics",
|
|
13404
|
+
surfaceClass: "platform_public",
|
|
13405
|
+
method: "GET",
|
|
13406
|
+
path: "/topics",
|
|
13407
|
+
sdkNamespace: "topics",
|
|
13408
|
+
sdkMethod: "listTopics",
|
|
13409
|
+
summary: "List topics.",
|
|
13410
|
+
convex: {
|
|
13411
|
+
module: "topics",
|
|
13412
|
+
functionName: "list",
|
|
13413
|
+
kind: "query"
|
|
13414
|
+
}
|
|
13415
|
+
}),
|
|
13416
|
+
surfaceContract({
|
|
13417
|
+
name: "update_topic",
|
|
13418
|
+
kind: "mutation",
|
|
13419
|
+
domain: "topics",
|
|
13420
|
+
surfaceClass: "platform_public",
|
|
13421
|
+
method: "PATCH",
|
|
13422
|
+
path: "/topics",
|
|
13423
|
+
sdkNamespace: "topics",
|
|
13424
|
+
sdkMethod: "updateTopic",
|
|
13425
|
+
summary: "Update a topic.",
|
|
13426
|
+
convex: {
|
|
13427
|
+
module: "topics",
|
|
13428
|
+
functionName: "update",
|
|
13429
|
+
kind: "mutation",
|
|
13430
|
+
inputProjection: updateTopicInput
|
|
13431
|
+
},
|
|
13432
|
+
args: updateTopicArgs
|
|
13433
|
+
}),
|
|
13434
|
+
surfaceContract({
|
|
13435
|
+
name: "get_topic_tree",
|
|
13436
|
+
kind: "query",
|
|
13437
|
+
domain: "topics",
|
|
13438
|
+
surfaceClass: "platform_public",
|
|
13439
|
+
method: "GET",
|
|
13440
|
+
path: "/topics/tree",
|
|
13441
|
+
sdkNamespace: "topics",
|
|
13442
|
+
sdkMethod: "getTopicTree",
|
|
13443
|
+
summary: "Get a topic tree.",
|
|
13444
|
+
convex: {
|
|
13445
|
+
module: "topics",
|
|
13446
|
+
functionName: "getTree",
|
|
13447
|
+
kind: "query"
|
|
13448
|
+
}
|
|
13449
|
+
}),
|
|
13450
|
+
surfaceContract({
|
|
13451
|
+
name: "materialize_topic_graph",
|
|
13452
|
+
kind: "mutation",
|
|
13453
|
+
domain: "topics",
|
|
13454
|
+
surfaceClass: "platform_public",
|
|
13455
|
+
path: "/topics/materialize-graph",
|
|
13456
|
+
sdkNamespace: "topics",
|
|
13457
|
+
sdkMethod: "materializeTopicGraph",
|
|
13458
|
+
summary: "Materialize topic nodes and parent-child graph edges.",
|
|
13459
|
+
convex: {
|
|
13460
|
+
module: "topics",
|
|
13461
|
+
functionName: "materializeTopicGraph",
|
|
13462
|
+
kind: "mutation",
|
|
13463
|
+
inputProjection: withCreatedBy
|
|
13464
|
+
},
|
|
13465
|
+
args: materializeTopicGraphArgs
|
|
13466
|
+
}),
|
|
13467
|
+
surfaceContract({
|
|
13468
|
+
name: "get_topic_graph_spine",
|
|
13469
|
+
kind: "query",
|
|
13470
|
+
domain: "topics",
|
|
13471
|
+
surfaceClass: "platform_public",
|
|
13472
|
+
method: "GET",
|
|
13473
|
+
path: "/topics/graph-spine",
|
|
13474
|
+
sdkNamespace: "topics",
|
|
13475
|
+
sdkMethod: "getTopicGraphSpine",
|
|
13476
|
+
summary: "Verify topic nodes and parent-child graph edges.",
|
|
13477
|
+
convex: {
|
|
13478
|
+
module: "topics",
|
|
13479
|
+
functionName: "getTopicGraphSpine",
|
|
13480
|
+
kind: "query"
|
|
13481
|
+
},
|
|
13482
|
+
args: getTopicGraphSpineArgs
|
|
13483
|
+
})
|
|
13484
|
+
];
|
|
13485
|
+
var sourceTypeSchema2 = z.enum([
|
|
13486
|
+
"human",
|
|
13487
|
+
"ai_extracted",
|
|
13488
|
+
"ai_generated",
|
|
13489
|
+
"imported",
|
|
13490
|
+
"system",
|
|
13491
|
+
"verified",
|
|
13492
|
+
"proprietary"
|
|
13493
|
+
]);
|
|
13494
|
+
var verificationStatusSchema = z.enum([
|
|
13495
|
+
"unverified",
|
|
13496
|
+
"human_verified",
|
|
13497
|
+
"ai_verified",
|
|
13498
|
+
"contradicted",
|
|
13499
|
+
"outdated"
|
|
13500
|
+
]);
|
|
13501
|
+
var nodeStatusSchema = z.enum([
|
|
13502
|
+
"active",
|
|
13503
|
+
"superseded",
|
|
13504
|
+
"archived",
|
|
13505
|
+
"deleted"
|
|
13506
|
+
]);
|
|
13507
|
+
var externalIdsArgs = z.object({
|
|
13508
|
+
crunchbase: z.string().optional(),
|
|
13509
|
+
linkedin: z.string().optional(),
|
|
13510
|
+
pitchbook: z.string().optional(),
|
|
13511
|
+
twitter: z.string().optional(),
|
|
13512
|
+
website: z.string().optional()
|
|
13513
|
+
}).optional();
|
|
13514
|
+
var createEpistemicNodeItemArgs = z.object({
|
|
13515
|
+
globalId: z.string().optional().describe("Optional idempotent node global ID."),
|
|
13516
|
+
nodeType: NODE_TYPE.describe("Public epistemic node type."),
|
|
13517
|
+
subtype: z.string().optional(),
|
|
13518
|
+
canonicalText: z.string().optional().describe("Canonical node text."),
|
|
13519
|
+
text: z.string().optional().describe("Alias for canonicalText."),
|
|
13520
|
+
contentHash: z.string().optional().describe("Optional idempotency content hash."),
|
|
13521
|
+
content: z.string().optional(),
|
|
13522
|
+
contentType: z.string().optional(),
|
|
13523
|
+
title: z.string().optional(),
|
|
13524
|
+
tags: z.array(z.string()).optional(),
|
|
13525
|
+
domain: z.string().optional(),
|
|
13526
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13527
|
+
externalIds: externalIdsArgs,
|
|
13528
|
+
sourceType: sourceTypeSchema2.optional(),
|
|
13529
|
+
aiProvider: z.string().optional(),
|
|
13530
|
+
extractedFromNodeId: z.string().optional(),
|
|
13531
|
+
confidence: z.number().optional(),
|
|
13532
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13533
|
+
topicId: z.string().optional(),
|
|
13534
|
+
projectId: z.string().optional(),
|
|
13535
|
+
createdBy: z.string().optional(),
|
|
13536
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13537
|
+
});
|
|
13538
|
+
var createEpistemicNodeArgs = createEpistemicNodeItemArgs;
|
|
13539
|
+
var batchCreateEpistemicNodesArgs = z.object({
|
|
13540
|
+
nodes: z.array(createEpistemicNodeItemArgs)
|
|
13541
|
+
});
|
|
13542
|
+
var getEpistemicNodeArgs = z.object({
|
|
13543
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13544
|
+
globalId: z.string().optional().describe("Node global ID alias.")
|
|
13545
|
+
});
|
|
13546
|
+
var listEpistemicNodesArgs = z.object({
|
|
13547
|
+
topicId: z.string().optional(),
|
|
13548
|
+
projectId: z.string().optional(),
|
|
13549
|
+
nodeType: NODE_TYPE.optional(),
|
|
13550
|
+
status: nodeStatusSchema.optional(),
|
|
13551
|
+
searchQuery: z.string().optional(),
|
|
13552
|
+
query: z.string().optional(),
|
|
13553
|
+
limit: z.number().optional()
|
|
13554
|
+
});
|
|
13555
|
+
var updateEpistemicNodeArgs = z.object({
|
|
13556
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13557
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13558
|
+
subtype: z.string().optional(),
|
|
13559
|
+
canonicalText: z.string().optional(),
|
|
13560
|
+
text: z.string().optional(),
|
|
13561
|
+
contentHash: z.string().optional(),
|
|
13562
|
+
content: z.string().optional(),
|
|
13563
|
+
contentType: z.string().optional(),
|
|
13564
|
+
title: z.string().optional(),
|
|
13565
|
+
tags: z.array(z.string()).optional(),
|
|
13566
|
+
domain: z.string().optional(),
|
|
13567
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13568
|
+
externalIds: externalIdsArgs,
|
|
13569
|
+
confidence: z.number().optional(),
|
|
13570
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13571
|
+
status: nodeStatusSchema.optional(),
|
|
13572
|
+
userId: z.string().optional(),
|
|
13573
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13574
|
+
});
|
|
13575
|
+
var archiveEpistemicNodeArgs = z.object({
|
|
13576
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13577
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13578
|
+
userId: z.string().optional(),
|
|
13579
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13580
|
+
});
|
|
13581
|
+
var verifyEpistemicNodeArgs = z.object({
|
|
13582
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13583
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13584
|
+
verificationStatus: verificationStatusSchema,
|
|
13585
|
+
confidence: z.number().optional(),
|
|
13586
|
+
userId: z.string().optional()
|
|
13587
|
+
});
|
|
13588
|
+
var supersedeEpistemicNodeArgs = z.object({
|
|
13589
|
+
oldNodeId: z.string().describe("Node ID or global ID to supersede."),
|
|
13590
|
+
nodeId: z.string().optional().describe("Old node ID alias."),
|
|
13591
|
+
newGlobalId: z.string().optional(),
|
|
13592
|
+
newCanonicalText: z.string().optional(),
|
|
13593
|
+
text: z.string().optional(),
|
|
13594
|
+
canonicalText: z.string().optional(),
|
|
13595
|
+
newContentHash: z.string().optional(),
|
|
13596
|
+
reason: z.string().optional(),
|
|
13597
|
+
createdBy: z.string().optional(),
|
|
13598
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13599
|
+
});
|
|
13600
|
+
function generatedGlobalId(prefix) {
|
|
13601
|
+
return `${prefix}:${crypto.randomUUID()}`;
|
|
13602
|
+
}
|
|
13603
|
+
function resolveCanonicalText(input) {
|
|
13604
|
+
const text = input.canonicalText ?? input.text ?? input.title ?? input.content;
|
|
13605
|
+
if (typeof text !== "string" || text.trim().length === 0) {
|
|
13606
|
+
throw new Error("canonicalText or text is required.");
|
|
13607
|
+
}
|
|
13608
|
+
return text;
|
|
13609
|
+
}
|
|
13610
|
+
function createNodeInput(input, context) {
|
|
13611
|
+
const canonicalText = resolveCanonicalText(input);
|
|
13612
|
+
const nodeType = String(input.nodeType);
|
|
13613
|
+
return withCreatedBy(
|
|
13614
|
+
compactRecord4({
|
|
13615
|
+
globalId: typeof input.globalId === "string" && input.globalId.trim() ? input.globalId : generatedGlobalId(nodeType),
|
|
13616
|
+
nodeType,
|
|
13617
|
+
subtype: input.subtype,
|
|
13618
|
+
canonicalText,
|
|
13619
|
+
contentHash: typeof input.contentHash === "string" && input.contentHash.trim() ? input.contentHash : `${nodeType}:${canonicalText}`,
|
|
13620
|
+
content: input.content,
|
|
13621
|
+
contentType: input.contentType,
|
|
13622
|
+
title: input.title,
|
|
13623
|
+
tags: input.tags,
|
|
13624
|
+
domain: input.domain,
|
|
13625
|
+
metadata: input.metadata,
|
|
13626
|
+
externalIds: input.externalIds,
|
|
13627
|
+
sourceType: typeof input.sourceType === "string" && input.sourceType.trim() ? input.sourceType : "human",
|
|
13628
|
+
aiProvider: input.aiProvider,
|
|
13629
|
+
extractedFromNodeId: input.extractedFromNodeId,
|
|
13630
|
+
confidence: input.confidence,
|
|
13631
|
+
verificationStatus: input.verificationStatus,
|
|
13632
|
+
topicId: input.topicId,
|
|
13633
|
+
projectId: input.projectId
|
|
13634
|
+
}),
|
|
13635
|
+
context
|
|
13636
|
+
);
|
|
13637
|
+
}
|
|
13638
|
+
var getNodeInput = (input) => compactRecord4({
|
|
13639
|
+
nodeId: input.nodeId ?? input.globalId
|
|
13640
|
+
});
|
|
13641
|
+
var listNodesInput = (input) => compactRecord4({
|
|
13642
|
+
topicId: input.topicId,
|
|
13643
|
+
projectId: input.projectId,
|
|
13644
|
+
nodeType: input.nodeType,
|
|
13645
|
+
status: input.status,
|
|
13646
|
+
searchQuery: input.searchQuery ?? input.query,
|
|
13647
|
+
limit: input.limit
|
|
13648
|
+
});
|
|
13649
|
+
var updateNodeInput = (input, context) => withUserId(
|
|
13650
|
+
compactRecord4({
|
|
13651
|
+
nodeId: input.nodeId ?? input.id,
|
|
13652
|
+
subtype: input.subtype,
|
|
13653
|
+
canonicalText: input.canonicalText ?? input.text,
|
|
13654
|
+
contentHash: input.contentHash,
|
|
13655
|
+
content: input.content,
|
|
13656
|
+
contentType: input.contentType,
|
|
13657
|
+
title: input.title,
|
|
13658
|
+
tags: input.tags,
|
|
13659
|
+
domain: input.domain,
|
|
13660
|
+
metadata: input.metadata,
|
|
13661
|
+
externalIds: input.externalIds,
|
|
13662
|
+
confidence: input.confidence,
|
|
13663
|
+
verificationStatus: input.verificationStatus,
|
|
13664
|
+
status: input.status,
|
|
13665
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13666
|
+
}),
|
|
13667
|
+
context
|
|
13668
|
+
);
|
|
13669
|
+
var archiveNodeInput = (input, context) => withUserId(
|
|
13670
|
+
compactRecord4({
|
|
13671
|
+
nodeId: input.nodeId ?? input.id,
|
|
13672
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13673
|
+
}),
|
|
13674
|
+
context
|
|
13675
|
+
);
|
|
13676
|
+
var verifyNodeInput = (input, context) => withUserId(
|
|
13677
|
+
compactRecord4({
|
|
13678
|
+
nodeId: input.nodeId ?? input.id,
|
|
13679
|
+
verificationStatus: input.verificationStatus,
|
|
13680
|
+
confidence: input.confidence
|
|
13681
|
+
}),
|
|
13682
|
+
context
|
|
13683
|
+
);
|
|
13684
|
+
var supersedeNodeInput = (input, context) => {
|
|
13685
|
+
const newCanonicalText = input.newCanonicalText ?? input.canonicalText ?? input.text;
|
|
13686
|
+
if (typeof newCanonicalText !== "string" || newCanonicalText.trim().length === 0) {
|
|
13687
|
+
throw new Error("newCanonicalText or text is required.");
|
|
13688
|
+
}
|
|
13689
|
+
return {
|
|
13690
|
+
oldNodeId: input.oldNodeId ?? input.nodeId,
|
|
13691
|
+
newGlobalId: typeof input.newGlobalId === "string" && input.newGlobalId.trim() ? input.newGlobalId : generatedGlobalId("node"),
|
|
13692
|
+
newCanonicalText,
|
|
13693
|
+
newContentHash: typeof input.newContentHash === "string" && input.newContentHash.trim() ? input.newContentHash : `superseded:${newCanonicalText}`,
|
|
13694
|
+
createdBy: typeof input.createdBy === "string" ? input.createdBy : authUserId(context),
|
|
13695
|
+
reason: input.reason,
|
|
13696
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13697
|
+
};
|
|
13698
|
+
};
|
|
13699
|
+
var batchCreateNodesInput = (input, context) => {
|
|
13700
|
+
const nodes = Array.isArray(input.nodes) ? input.nodes : [];
|
|
13701
|
+
return {
|
|
13702
|
+
nodes: nodes.map(
|
|
13703
|
+
(node) => createNodeInput(
|
|
13704
|
+
node && typeof node === "object" ? node : {},
|
|
13705
|
+
context
|
|
13706
|
+
)
|
|
13707
|
+
)
|
|
13708
|
+
};
|
|
13709
|
+
};
|
|
13710
|
+
var nodesContracts = [
|
|
13711
|
+
surfaceContract({
|
|
13712
|
+
name: "create_epistemic_node",
|
|
11068
13713
|
kind: "mutation",
|
|
11069
|
-
domain: "
|
|
13714
|
+
domain: "nodes",
|
|
11070
13715
|
surfaceClass: "platform_public",
|
|
11071
|
-
path: "/
|
|
11072
|
-
sdkNamespace: "
|
|
11073
|
-
sdkMethod: "
|
|
11074
|
-
summary: "Create a
|
|
13716
|
+
path: "/nodes",
|
|
13717
|
+
sdkNamespace: "nodes",
|
|
13718
|
+
sdkMethod: "createEpistemicNode",
|
|
13719
|
+
summary: "Create a generic epistemic graph node.",
|
|
11075
13720
|
convex: {
|
|
11076
|
-
module: "
|
|
13721
|
+
module: "nodes",
|
|
11077
13722
|
functionName: "create",
|
|
11078
13723
|
kind: "mutation",
|
|
11079
|
-
inputProjection:
|
|
11080
|
-
}
|
|
13724
|
+
inputProjection: createNodeInput
|
|
13725
|
+
},
|
|
13726
|
+
args: createEpistemicNodeArgs
|
|
11081
13727
|
}),
|
|
11082
13728
|
surfaceContract({
|
|
11083
|
-
name: "
|
|
13729
|
+
name: "get_epistemic_node",
|
|
11084
13730
|
kind: "query",
|
|
11085
|
-
domain: "
|
|
13731
|
+
domain: "nodes",
|
|
11086
13732
|
surfaceClass: "platform_public",
|
|
11087
13733
|
method: "GET",
|
|
11088
|
-
path: "/
|
|
11089
|
-
sdkNamespace: "
|
|
11090
|
-
sdkMethod: "
|
|
11091
|
-
summary: "Get a
|
|
13734
|
+
path: "/nodes/get",
|
|
13735
|
+
sdkNamespace: "nodes",
|
|
13736
|
+
sdkMethod: "getEpistemicNode",
|
|
13737
|
+
summary: "Get a generic epistemic graph node.",
|
|
11092
13738
|
convex: {
|
|
11093
|
-
module: "
|
|
13739
|
+
module: "nodes",
|
|
11094
13740
|
functionName: "get",
|
|
11095
13741
|
kind: "query",
|
|
11096
|
-
inputProjection:
|
|
11097
|
-
}
|
|
13742
|
+
inputProjection: getNodeInput
|
|
13743
|
+
},
|
|
13744
|
+
args: getEpistemicNodeArgs
|
|
11098
13745
|
}),
|
|
11099
13746
|
surfaceContract({
|
|
11100
|
-
name: "
|
|
13747
|
+
name: "list_epistemic_nodes",
|
|
11101
13748
|
kind: "query",
|
|
11102
|
-
domain: "
|
|
13749
|
+
domain: "nodes",
|
|
11103
13750
|
surfaceClass: "platform_public",
|
|
11104
13751
|
method: "GET",
|
|
11105
|
-
path: "/
|
|
11106
|
-
sdkNamespace: "
|
|
11107
|
-
sdkMethod: "
|
|
11108
|
-
summary: "List
|
|
13752
|
+
path: "/nodes",
|
|
13753
|
+
sdkNamespace: "nodes",
|
|
13754
|
+
sdkMethod: "listEpistemicNodes",
|
|
13755
|
+
summary: "List generic epistemic graph nodes.",
|
|
11109
13756
|
convex: {
|
|
11110
|
-
module: "
|
|
13757
|
+
module: "nodes",
|
|
11111
13758
|
functionName: "list",
|
|
11112
|
-
kind: "query"
|
|
11113
|
-
|
|
13759
|
+
kind: "query",
|
|
13760
|
+
inputProjection: listNodesInput
|
|
13761
|
+
},
|
|
13762
|
+
args: listEpistemicNodesArgs
|
|
11114
13763
|
}),
|
|
11115
13764
|
surfaceContract({
|
|
11116
|
-
name: "
|
|
13765
|
+
name: "update_epistemic_node",
|
|
11117
13766
|
kind: "mutation",
|
|
11118
|
-
domain: "
|
|
13767
|
+
domain: "nodes",
|
|
11119
13768
|
surfaceClass: "platform_public",
|
|
11120
13769
|
method: "PATCH",
|
|
11121
|
-
path: "/
|
|
11122
|
-
sdkNamespace: "
|
|
11123
|
-
sdkMethod: "
|
|
11124
|
-
summary: "Update a
|
|
13770
|
+
path: "/nodes",
|
|
13771
|
+
sdkNamespace: "nodes",
|
|
13772
|
+
sdkMethod: "updateEpistemicNode",
|
|
13773
|
+
summary: "Update a generic epistemic graph node.",
|
|
11125
13774
|
convex: {
|
|
11126
|
-
module: "
|
|
13775
|
+
module: "nodes",
|
|
11127
13776
|
functionName: "update",
|
|
11128
13777
|
kind: "mutation",
|
|
11129
|
-
inputProjection:
|
|
13778
|
+
inputProjection: updateNodeInput
|
|
11130
13779
|
},
|
|
11131
|
-
args:
|
|
13780
|
+
args: updateEpistemicNodeArgs
|
|
11132
13781
|
}),
|
|
11133
13782
|
surfaceContract({
|
|
11134
|
-
name: "
|
|
11135
|
-
kind: "
|
|
11136
|
-
domain: "
|
|
13783
|
+
name: "archive_epistemic_node",
|
|
13784
|
+
kind: "mutation",
|
|
13785
|
+
domain: "nodes",
|
|
11137
13786
|
surfaceClass: "platform_public",
|
|
11138
|
-
|
|
11139
|
-
|
|
11140
|
-
|
|
11141
|
-
|
|
11142
|
-
summary: "Get a topic tree.",
|
|
13787
|
+
path: "/nodes/archive",
|
|
13788
|
+
sdkNamespace: "nodes",
|
|
13789
|
+
sdkMethod: "archiveEpistemicNode",
|
|
13790
|
+
summary: "Archive a generic epistemic graph node.",
|
|
11143
13791
|
convex: {
|
|
11144
|
-
module: "
|
|
11145
|
-
functionName: "
|
|
11146
|
-
kind: "
|
|
11147
|
-
|
|
13792
|
+
module: "nodes",
|
|
13793
|
+
functionName: "archive",
|
|
13794
|
+
kind: "mutation",
|
|
13795
|
+
inputProjection: archiveNodeInput
|
|
13796
|
+
},
|
|
13797
|
+
args: archiveEpistemicNodeArgs
|
|
13798
|
+
}),
|
|
13799
|
+
surfaceContract({
|
|
13800
|
+
name: "verify_epistemic_node",
|
|
13801
|
+
kind: "mutation",
|
|
13802
|
+
domain: "nodes",
|
|
13803
|
+
surfaceClass: "platform_public",
|
|
13804
|
+
path: "/nodes/verify",
|
|
13805
|
+
sdkNamespace: "nodes",
|
|
13806
|
+
sdkMethod: "verifyEpistemicNode",
|
|
13807
|
+
summary: "Verify a generic epistemic graph node.",
|
|
13808
|
+
convex: {
|
|
13809
|
+
module: "nodes",
|
|
13810
|
+
functionName: "verify",
|
|
13811
|
+
kind: "mutation",
|
|
13812
|
+
inputProjection: verifyNodeInput
|
|
13813
|
+
},
|
|
13814
|
+
args: verifyEpistemicNodeArgs
|
|
13815
|
+
}),
|
|
13816
|
+
surfaceContract({
|
|
13817
|
+
name: "supersede_epistemic_node",
|
|
13818
|
+
kind: "mutation",
|
|
13819
|
+
domain: "nodes",
|
|
13820
|
+
surfaceClass: "platform_public",
|
|
13821
|
+
path: "/nodes/supersede",
|
|
13822
|
+
sdkNamespace: "nodes",
|
|
13823
|
+
sdkMethod: "supersedeEpistemicNode",
|
|
13824
|
+
summary: "Supersede a generic epistemic graph node.",
|
|
13825
|
+
convex: {
|
|
13826
|
+
module: "nodes",
|
|
13827
|
+
functionName: "supersede",
|
|
13828
|
+
kind: "mutation",
|
|
13829
|
+
inputProjection: supersedeNodeInput
|
|
13830
|
+
},
|
|
13831
|
+
args: supersedeEpistemicNodeArgs
|
|
13832
|
+
}),
|
|
13833
|
+
surfaceContract({
|
|
13834
|
+
name: "batch_create_epistemic_nodes",
|
|
13835
|
+
kind: "mutation",
|
|
13836
|
+
domain: "nodes",
|
|
13837
|
+
surfaceClass: "platform_public",
|
|
13838
|
+
path: "/nodes/batch",
|
|
13839
|
+
sdkNamespace: "nodes",
|
|
13840
|
+
sdkMethod: "batchCreateEpistemicNodes",
|
|
13841
|
+
summary: "Batch create generic epistemic graph nodes.",
|
|
13842
|
+
convex: {
|
|
13843
|
+
module: "nodes",
|
|
13844
|
+
functionName: "batchCreate",
|
|
13845
|
+
kind: "mutation",
|
|
13846
|
+
inputProjection: batchCreateNodesInput
|
|
13847
|
+
},
|
|
13848
|
+
args: batchCreateEpistemicNodesArgs
|
|
11148
13849
|
})
|
|
11149
13850
|
];
|
|
11150
13851
|
var lensPerspectiveSchema = z.enum([
|
|
@@ -11504,6 +14205,19 @@ var worktreeEvidenceSignalInputSchema = z.object({
|
|
|
11504
14205
|
progress: z.string().optional().describe("Collection progress note for the signal."),
|
|
11505
14206
|
notes: z.string().optional().describe("Additional evidence collection notes.")
|
|
11506
14207
|
}).passthrough().describe("Evidence signal embedded in the worktree plan.");
|
|
14208
|
+
var worktreeDocCompanionTargetSchema = z.object({
|
|
14209
|
+
docPath: z.string().describe(
|
|
14210
|
+
"Repo-relative path to a documentation file the worktree promises to update."
|
|
14211
|
+
),
|
|
14212
|
+
sectionAnchor: z.string().optional().describe(
|
|
14213
|
+
"Markdown heading anchor (e.g. '## Function-surface manifest') that scopes the promised update."
|
|
14214
|
+
),
|
|
14215
|
+
reason: z.string().describe(
|
|
14216
|
+
"Why this doc section must be updated for the worktree to be complete."
|
|
14217
|
+
)
|
|
14218
|
+
}).passthrough().describe(
|
|
14219
|
+
"Intent-driven docs companion target. pr-gate-reviewer verifies that the PR actually touches each declared (docPath, sectionAnchor). Distinct from the touch-driven docs-loop. See docs/development/docs-sync-discipline.md Lock 3."
|
|
14220
|
+
);
|
|
11507
14221
|
var worktreeDecisionGateInputSchema = z.object({
|
|
11508
14222
|
goCriteria: z.array(z.string()).describe("Criteria that must hold for the worktree to proceed."),
|
|
11509
14223
|
noGoSignals: z.array(z.string()).describe("Signals that stop or redirect the worktree."),
|
|
@@ -11536,6 +14250,9 @@ var addWorktreeArgs = z.object({
|
|
|
11536
14250
|
keyQuestions: z.array(worktreeKeyQuestionInputSchema).optional().describe("Inline key questions captured as part of the worktree plan."),
|
|
11537
14251
|
evidenceSignals: z.array(worktreeEvidenceSignalInputSchema).optional().describe("Evidence signals the worktree needs to collect or validate."),
|
|
11538
14252
|
decisionGate: worktreeDecisionGateInputSchema.optional(),
|
|
14253
|
+
docCompanionTargets: z.array(worktreeDocCompanionTargetSchema).optional().describe(
|
|
14254
|
+
"Doc sections the worktree promises to update at PR time. Enforced by pr-gate-reviewer (Lock 3)."
|
|
14255
|
+
),
|
|
11539
14256
|
goCriteria: z.array(z.string()).optional().describe("Shorthand go criteria used to build decisionGate."),
|
|
11540
14257
|
noGoSignals: z.array(z.string()).optional().describe("Shorthand no-go signals used to build decisionGate."),
|
|
11541
14258
|
proofArtifacts: z.array(z.unknown()).optional().describe("Expected proof artifacts required to close the worktree."),
|
|
@@ -11899,7 +14616,21 @@ var createTaskArgs = z.object({
|
|
|
11899
14616
|
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
11900
14617
|
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
11901
14618
|
dueDate: z.number().optional().describe("Due date as epoch milliseconds."),
|
|
11902
|
-
tags: z.array(z.string()).optional().describe("Free-form tags.")
|
|
14619
|
+
tags: z.array(z.string()).optional().describe("Free-form tags."),
|
|
14620
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
14621
|
+
});
|
|
14622
|
+
var updateTaskArgs = z.object({
|
|
14623
|
+
taskId: z.string().describe("Task to update."),
|
|
14624
|
+
title: z.string().optional().describe("Updated task title."),
|
|
14625
|
+
description: z.string().optional().describe("Updated task description."),
|
|
14626
|
+
priority: taskPrioritySchema.optional().describe("Updated priority."),
|
|
14627
|
+
status: taskStatusSchema2.optional().describe("Updated status."),
|
|
14628
|
+
linkedWorktreeId: z.string().optional().describe("Worktree this task belongs to."),
|
|
14629
|
+
linkedBeliefId: z.string().optional().describe("Belief this task supports."),
|
|
14630
|
+
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
14631
|
+
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
14632
|
+
blockedReason: z.string().optional().describe("Reason the task is blocked or deferred."),
|
|
14633
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
11903
14634
|
});
|
|
11904
14635
|
var createTaskInput = (input) => compactRecord4({
|
|
11905
14636
|
title: input.title,
|
|
@@ -11913,7 +14644,8 @@ var createTaskInput = (input) => compactRecord4({
|
|
|
11913
14644
|
linkedQuestionId: input.linkedQuestionId,
|
|
11914
14645
|
assigneeId: input.assigneeId,
|
|
11915
14646
|
dueDate: input.dueDate,
|
|
11916
|
-
tags: input.tags
|
|
14647
|
+
tags: input.tags,
|
|
14648
|
+
metadata: input.metadata
|
|
11917
14649
|
});
|
|
11918
14650
|
var taskInput = (input) => compactRecord4({
|
|
11919
14651
|
...input,
|
|
@@ -11930,8 +14662,7 @@ var taskTopicInput = (input) => {
|
|
|
11930
14662
|
};
|
|
11931
14663
|
var completeTaskInput = (input) => compactRecord4({
|
|
11932
14664
|
taskId: input.taskId ?? input.id,
|
|
11933
|
-
outputSummary: input.outputSummary ?? input.summary
|
|
11934
|
-
userId: input.userId
|
|
14665
|
+
outputSummary: input.outputSummary ?? input.summary
|
|
11935
14666
|
});
|
|
11936
14667
|
var tasksContracts = [
|
|
11937
14668
|
surfaceContract({
|
|
@@ -11949,6 +14680,7 @@ var tasksContracts = [
|
|
|
11949
14680
|
kind: "mutation",
|
|
11950
14681
|
inputProjection: createTaskInput
|
|
11951
14682
|
},
|
|
14683
|
+
gateway: { handler: "tasks.create" },
|
|
11952
14684
|
args: createTaskArgs
|
|
11953
14685
|
}),
|
|
11954
14686
|
surfaceContract({
|
|
@@ -11967,6 +14699,7 @@ var tasksContracts = [
|
|
|
11967
14699
|
kind: "query",
|
|
11968
14700
|
inputProjection: taskTopicInput
|
|
11969
14701
|
},
|
|
14702
|
+
gateway: { handler: "tasks.list" },
|
|
11970
14703
|
args: listTasksInputSchema
|
|
11971
14704
|
}),
|
|
11972
14705
|
surfaceContract({
|
|
@@ -11984,7 +14717,9 @@ var tasksContracts = [
|
|
|
11984
14717
|
functionName: "update",
|
|
11985
14718
|
kind: "mutation",
|
|
11986
14719
|
inputProjection: taskInput
|
|
11987
|
-
}
|
|
14720
|
+
},
|
|
14721
|
+
gateway: { handler: "tasks.update" },
|
|
14722
|
+
args: updateTaskArgs
|
|
11988
14723
|
}),
|
|
11989
14724
|
surfaceContract({
|
|
11990
14725
|
name: "complete_task",
|
|
@@ -12000,12 +14735,14 @@ var tasksContracts = [
|
|
|
12000
14735
|
functionName: "complete",
|
|
12001
14736
|
kind: "mutation",
|
|
12002
14737
|
inputProjection: completeTaskInput
|
|
12003
|
-
}
|
|
14738
|
+
},
|
|
14739
|
+
gateway: { handler: "tasks.complete" }
|
|
12004
14740
|
})
|
|
12005
14741
|
];
|
|
12006
14742
|
var CREATE_EDGE_TYPES = edgePolicyManifest.policies.map(
|
|
12007
14743
|
(policy) => policy.edgeType
|
|
12008
14744
|
);
|
|
14745
|
+
var REASONING_METHOD_TYPES = [...REASONING_METHODS];
|
|
12009
14746
|
var createEdgeArgs = z.object({
|
|
12010
14747
|
from: GraphRefSchema,
|
|
12011
14748
|
to: GraphRefSchema,
|
|
@@ -12015,10 +14752,37 @@ var createEdgeArgs = z.object({
|
|
|
12015
14752
|
confidence: z.number().optional(),
|
|
12016
14753
|
context: z.string().optional(),
|
|
12017
14754
|
reasoning: z.string().optional(),
|
|
14755
|
+
reasoningMethod: z.enum(REASONING_METHOD_TYPES).optional(),
|
|
12018
14756
|
derivationType: z.string().optional(),
|
|
14757
|
+
metadata: z.record(z.unknown()).optional(),
|
|
12019
14758
|
topicId: z.string().optional(),
|
|
12020
14759
|
trustedBypassAccessCheck: z.boolean().optional()
|
|
12021
14760
|
});
|
|
14761
|
+
var updateEdgeArgs = z.object({
|
|
14762
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14763
|
+
weight: z.number().optional(),
|
|
14764
|
+
confidence: z.number().optional(),
|
|
14765
|
+
context: z.string().optional(),
|
|
14766
|
+
reasoning: z.string().optional(),
|
|
14767
|
+
derivationType: z.string().optional(),
|
|
14768
|
+
metadata: z.record(z.unknown()).optional(),
|
|
14769
|
+
userId: z.string().optional()
|
|
14770
|
+
});
|
|
14771
|
+
var removeEdgeArgs = z.object({
|
|
14772
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14773
|
+
userId: z.string().optional()
|
|
14774
|
+
});
|
|
14775
|
+
var removeEdgesBetweenArgs = z.object({
|
|
14776
|
+
from: GraphRefSchema.optional(),
|
|
14777
|
+
to: GraphRefSchema.optional(),
|
|
14778
|
+
fromNodeId: z.string().optional(),
|
|
14779
|
+
toNodeId: z.string().optional(),
|
|
14780
|
+
edgeType: z.enum(CREATE_EDGE_TYPES).optional()
|
|
14781
|
+
});
|
|
14782
|
+
var batchCreateEdgesArgs = z.object({
|
|
14783
|
+
edges: z.array(createEdgeArgs),
|
|
14784
|
+
skipLayerValidation: z.boolean().optional()
|
|
14785
|
+
});
|
|
12022
14786
|
var queryLineageArgs = z.object({
|
|
12023
14787
|
nodeId: z.string().describe("Starting node to trace from."),
|
|
12024
14788
|
startNode: z.string().optional().describe("Starting node alias accepted by traversal callers."),
|
|
@@ -12067,7 +14831,9 @@ var edgesContracts = [
|
|
|
12067
14831
|
weight: parsed.weight,
|
|
12068
14832
|
confidence: parsed.confidence,
|
|
12069
14833
|
context: parsed.context ?? parsed.reasoning,
|
|
14834
|
+
reasoningMethod: parsed.reasoningMethod,
|
|
12070
14835
|
derivationType: parsed.derivationType,
|
|
14836
|
+
metadata: parsed.metadata,
|
|
12071
14837
|
skipLayerValidation: true,
|
|
12072
14838
|
topicId: parsed.topicId,
|
|
12073
14839
|
trustedBypassAccessCheck: parsed.trustedBypassAccessCheck
|
|
@@ -12078,6 +14844,131 @@ var edgesContracts = [
|
|
|
12078
14844
|
},
|
|
12079
14845
|
args: createEdgeArgs
|
|
12080
14846
|
}),
|
|
14847
|
+
surfaceContract({
|
|
14848
|
+
name: "update_edge",
|
|
14849
|
+
kind: "mutation",
|
|
14850
|
+
domain: "edges",
|
|
14851
|
+
surfaceClass: "platform_public",
|
|
14852
|
+
method: "PATCH",
|
|
14853
|
+
path: "/edges",
|
|
14854
|
+
sdkNamespace: "edges",
|
|
14855
|
+
sdkMethod: "updateEdge",
|
|
14856
|
+
summary: "Update an epistemic edge.",
|
|
14857
|
+
convex: {
|
|
14858
|
+
module: "edges",
|
|
14859
|
+
functionName: "update",
|
|
14860
|
+
kind: "mutation",
|
|
14861
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14862
|
+
edgeId: input.edgeId,
|
|
14863
|
+
weight: input.weight,
|
|
14864
|
+
confidence: input.confidence,
|
|
14865
|
+
context: input.context ?? input.reasoning,
|
|
14866
|
+
derivationType: input.derivationType,
|
|
14867
|
+
metadata: input.metadata,
|
|
14868
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14869
|
+
})
|
|
14870
|
+
},
|
|
14871
|
+
args: updateEdgeArgs
|
|
14872
|
+
}),
|
|
14873
|
+
surfaceContract({
|
|
14874
|
+
name: "remove_edge",
|
|
14875
|
+
kind: "mutation",
|
|
14876
|
+
domain: "edges",
|
|
14877
|
+
surfaceClass: "platform_public",
|
|
14878
|
+
method: "DELETE",
|
|
14879
|
+
path: "/edges",
|
|
14880
|
+
sdkNamespace: "edges",
|
|
14881
|
+
sdkMethod: "removeEdge",
|
|
14882
|
+
summary: "Remove an epistemic edge.",
|
|
14883
|
+
convex: {
|
|
14884
|
+
module: "edges",
|
|
14885
|
+
functionName: "remove",
|
|
14886
|
+
kind: "mutation",
|
|
14887
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14888
|
+
edgeId: input.edgeId,
|
|
14889
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14890
|
+
})
|
|
14891
|
+
},
|
|
14892
|
+
args: removeEdgeArgs
|
|
14893
|
+
}),
|
|
14894
|
+
surfaceContract({
|
|
14895
|
+
name: "remove_edges_between",
|
|
14896
|
+
kind: "mutation",
|
|
14897
|
+
domain: "edges",
|
|
14898
|
+
surfaceClass: "platform_public",
|
|
14899
|
+
method: "DELETE",
|
|
14900
|
+
path: "/edges/between",
|
|
14901
|
+
sdkNamespace: "edges",
|
|
14902
|
+
sdkMethod: "removeEdgesBetween",
|
|
14903
|
+
summary: "Remove epistemic edges between two nodes.",
|
|
14904
|
+
convex: {
|
|
14905
|
+
module: "edges",
|
|
14906
|
+
functionName: "removeBetween",
|
|
14907
|
+
kind: "mutation",
|
|
14908
|
+
inputProjection: (input) => {
|
|
14909
|
+
const parsed = removeEdgesBetweenArgs.parse(input);
|
|
14910
|
+
const fromNodeId = parsed.from ? graphRefNodeId(parsed.from) : parsed.fromNodeId;
|
|
14911
|
+
const toNodeId = parsed.to ? graphRefNodeId(parsed.to) : parsed.toNodeId;
|
|
14912
|
+
if (!fromNodeId || !toNodeId) {
|
|
14913
|
+
throw new Error("from/to or fromNodeId/toNodeId are required.");
|
|
14914
|
+
}
|
|
14915
|
+
return compactRecord4({
|
|
14916
|
+
fromNodeId,
|
|
14917
|
+
toNodeId,
|
|
14918
|
+
edgeType: parsed.edgeType
|
|
14919
|
+
});
|
|
14920
|
+
}
|
|
14921
|
+
},
|
|
14922
|
+
args: removeEdgesBetweenArgs
|
|
14923
|
+
}),
|
|
14924
|
+
surfaceContract({
|
|
14925
|
+
name: "batch_create_edges",
|
|
14926
|
+
kind: "mutation",
|
|
14927
|
+
domain: "edges",
|
|
14928
|
+
surfaceClass: "platform_public",
|
|
14929
|
+
path: "/edges/batch",
|
|
14930
|
+
sdkNamespace: "edges",
|
|
14931
|
+
sdkMethod: "batchCreateEdges",
|
|
14932
|
+
summary: "Batch create epistemic edges.",
|
|
14933
|
+
convex: {
|
|
14934
|
+
module: "edges",
|
|
14935
|
+
functionName: "batchCreate",
|
|
14936
|
+
kind: "mutation",
|
|
14937
|
+
inputProjection: (input, context) => {
|
|
14938
|
+
const parsed = batchCreateEdgesArgs.parse(input);
|
|
14939
|
+
return {
|
|
14940
|
+
skipLayerValidation: parsed.skipLayerValidation ?? true,
|
|
14941
|
+
edges: parsed.edges.map((edge) => {
|
|
14942
|
+
assertEdgePolicyAllowed(
|
|
14943
|
+
edgePolicyManifest,
|
|
14944
|
+
edge.edgeType,
|
|
14945
|
+
edge.from,
|
|
14946
|
+
edge.to
|
|
14947
|
+
);
|
|
14948
|
+
const fromNodeId = graphRefNodeId(edge.from);
|
|
14949
|
+
const toNodeId = graphRefNodeId(edge.to);
|
|
14950
|
+
return withCreatedBy(
|
|
14951
|
+
compactRecord4({
|
|
14952
|
+
fromNodeId,
|
|
14953
|
+
toNodeId,
|
|
14954
|
+
edgeType: edge.edgeType,
|
|
14955
|
+
globalId: edge.globalId ?? `edge:${fromNodeId}:${toNodeId}:${edge.edgeType}`,
|
|
14956
|
+
weight: edge.weight,
|
|
14957
|
+
confidence: edge.confidence,
|
|
14958
|
+
context: edge.context ?? edge.reasoning,
|
|
14959
|
+
reasoningMethod: edge.reasoningMethod,
|
|
14960
|
+
derivationType: edge.derivationType,
|
|
14961
|
+
metadata: edge.metadata,
|
|
14962
|
+
topicId: edge.topicId
|
|
14963
|
+
}),
|
|
14964
|
+
context
|
|
14965
|
+
);
|
|
14966
|
+
})
|
|
14967
|
+
};
|
|
14968
|
+
}
|
|
14969
|
+
},
|
|
14970
|
+
args: batchCreateEdgesArgs
|
|
14971
|
+
}),
|
|
12081
14972
|
surfaceContract({
|
|
12082
14973
|
name: "query_lineage",
|
|
12083
14974
|
kind: "query",
|
|
@@ -12800,6 +15691,69 @@ var pipelineContracts = [
|
|
|
12800
15691
|
}
|
|
12801
15692
|
})
|
|
12802
15693
|
];
|
|
15694
|
+
function isRecord3(value) {
|
|
15695
|
+
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
15696
|
+
}
|
|
15697
|
+
function stringValues(value) {
|
|
15698
|
+
if (typeof value === "string") {
|
|
15699
|
+
return [value];
|
|
15700
|
+
}
|
|
15701
|
+
if (Array.isArray(value)) {
|
|
15702
|
+
return value.flatMap((item) => stringValues(item));
|
|
15703
|
+
}
|
|
15704
|
+
return [];
|
|
15705
|
+
}
|
|
15706
|
+
function nestedEvidenceRows(value) {
|
|
15707
|
+
if (Array.isArray(value)) {
|
|
15708
|
+
return value.flatMap((item) => nestedEvidenceRows(item));
|
|
15709
|
+
}
|
|
15710
|
+
if (!isRecord3(value)) {
|
|
15711
|
+
return [];
|
|
15712
|
+
}
|
|
15713
|
+
const nestedKeys = ["evidence", "items", "nodes"];
|
|
15714
|
+
const nestedRows = nestedKeys.flatMap((key) => nestedEvidenceRows(value[key]));
|
|
15715
|
+
return nestedRows.length > 0 ? nestedRows : [value];
|
|
15716
|
+
}
|
|
15717
|
+
function isFailedAttemptRow(row) {
|
|
15718
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15719
|
+
return metadata?.failedApproach === true || metadata?.isFailedAttempt === true;
|
|
15720
|
+
}
|
|
15721
|
+
function failureLogSearchFields(row) {
|
|
15722
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15723
|
+
return [
|
|
15724
|
+
...stringValues(row.id),
|
|
15725
|
+
...stringValues(row._id),
|
|
15726
|
+
...stringValues(row.title),
|
|
15727
|
+
...stringValues(row.text),
|
|
15728
|
+
...stringValues(row.canonicalText),
|
|
15729
|
+
...stringValues(row.content),
|
|
15730
|
+
...stringValues(metadata?.codeAnchor),
|
|
15731
|
+
...stringValues(metadata?.codeAnchors),
|
|
15732
|
+
...stringValues(metadata?.anchor),
|
|
15733
|
+
...stringValues(metadata?.anchors),
|
|
15734
|
+
...stringValues(metadata?.filePath),
|
|
15735
|
+
...stringValues(metadata?.filePaths),
|
|
15736
|
+
...stringValues(metadata?.path),
|
|
15737
|
+
...stringValues(metadata?.paths),
|
|
15738
|
+
...stringValues(metadata?.sourceRef),
|
|
15739
|
+
...stringValues(metadata?.touchedPaths)
|
|
15740
|
+
];
|
|
15741
|
+
}
|
|
15742
|
+
function projectFailureLog(output, input) {
|
|
15743
|
+
const rawQuery = typeof input.query === "string" && input.query.trim().length > 0 ? input.query.trim() : void 0;
|
|
15744
|
+
const searchKey = rawQuery?.toLowerCase();
|
|
15745
|
+
const failures = nestedEvidenceRows(output).filter((row) => isFailedAttemptRow(row)).filter(
|
|
15746
|
+
(row) => !searchKey ? true : failureLogSearchFields(row).some(
|
|
15747
|
+
(field) => field.toLowerCase().includes(searchKey)
|
|
15748
|
+
)
|
|
15749
|
+
);
|
|
15750
|
+
return {
|
|
15751
|
+
query: rawQuery,
|
|
15752
|
+
failures,
|
|
15753
|
+
totalFound: failures.length,
|
|
15754
|
+
showing: failures.length
|
|
15755
|
+
};
|
|
15756
|
+
}
|
|
12803
15757
|
var recordScopeLearningArgs = z.object({
|
|
12804
15758
|
topicId: z.string().optional().describe("Topic scope ID"),
|
|
12805
15759
|
summary: z.string().describe("Atomic learning statement"),
|
|
@@ -12889,6 +15843,8 @@ var attemptInput = (input, context) => withUserId(
|
|
|
12889
15843
|
tags: ["code_attempt"],
|
|
12890
15844
|
metadata: compactRecord4({
|
|
12891
15845
|
...recordValue2(input.metadata),
|
|
15846
|
+
failedApproach: true,
|
|
15847
|
+
isFailedAttempt: true,
|
|
12892
15848
|
filePaths: input.filePaths,
|
|
12893
15849
|
filePath: input.filePath,
|
|
12894
15850
|
errorMessage: input.errorMessage,
|
|
@@ -13019,7 +15975,8 @@ var codingContracts = [
|
|
|
13019
15975
|
limit: input.limit,
|
|
13020
15976
|
status: input.status,
|
|
13021
15977
|
userId: input.userId
|
|
13022
|
-
})
|
|
15978
|
+
}),
|
|
15979
|
+
outputProjection: (output, input) => projectFailureLog(output, input)
|
|
13023
15980
|
}
|
|
13024
15981
|
})
|
|
13025
15982
|
];
|
|
@@ -13056,6 +16013,7 @@ var ALL_FUNCTION_CONTRACTS = [
|
|
|
13056
16013
|
...evidenceContracts,
|
|
13057
16014
|
...questionsContracts,
|
|
13058
16015
|
...topicsContracts,
|
|
16016
|
+
...nodesContracts,
|
|
13059
16017
|
...lensesContracts,
|
|
13060
16018
|
...ontologiesContracts,
|
|
13061
16019
|
...worktreesContracts,
|
|
@@ -13231,6 +16189,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13231
16189
|
copyMode: "none",
|
|
13232
16190
|
description: "Deliberation sessions are created by tenant workflows."
|
|
13233
16191
|
},
|
|
16192
|
+
{
|
|
16193
|
+
component: "kernel",
|
|
16194
|
+
table: "domainEvents",
|
|
16195
|
+
prepopulation: "runtime_log",
|
|
16196
|
+
copyMode: "none",
|
|
16197
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
16198
|
+
},
|
|
13234
16199
|
{
|
|
13235
16200
|
component: "kernel",
|
|
13236
16201
|
table: "epistemicAudit",
|
|
@@ -13480,14 +16445,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13480
16445
|
description: "Worktrees are tenant/runtime planning data."
|
|
13481
16446
|
},
|
|
13482
16447
|
{
|
|
13483
|
-
component: "
|
|
16448
|
+
component: "control-plane",
|
|
13484
16449
|
table: "agents",
|
|
13485
16450
|
prepopulation: "runtime_bootstrap",
|
|
13486
16451
|
copyMode: "none",
|
|
13487
16452
|
description: "Service agents are provisioned per tenant or service, not copied."
|
|
13488
16453
|
},
|
|
13489
16454
|
{
|
|
13490
|
-
component: "
|
|
16455
|
+
component: "control-plane",
|
|
13491
16456
|
table: "mcpWritePolicy",
|
|
13492
16457
|
prepopulation: "required_template",
|
|
13493
16458
|
copyMode: "template_global",
|
|
@@ -13496,14 +16461,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13496
16461
|
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
13497
16462
|
},
|
|
13498
16463
|
{
|
|
13499
|
-
component: "
|
|
16464
|
+
component: "control-plane",
|
|
13500
16465
|
table: "modelCallLogs",
|
|
13501
16466
|
prepopulation: "runtime_log",
|
|
13502
16467
|
copyMode: "none",
|
|
13503
16468
|
description: "Model call logs are runtime telemetry."
|
|
13504
16469
|
},
|
|
13505
16470
|
{
|
|
13506
|
-
component: "
|
|
16471
|
+
component: "control-plane",
|
|
13507
16472
|
table: "modelFunctionSlots",
|
|
13508
16473
|
prepopulation: "required_template",
|
|
13509
16474
|
copyMode: "template_global",
|
|
@@ -13512,7 +16477,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13512
16477
|
description: "Function-to-model slots are required by model runtime resolution."
|
|
13513
16478
|
},
|
|
13514
16479
|
{
|
|
13515
|
-
component: "
|
|
16480
|
+
component: "control-plane",
|
|
13516
16481
|
table: "modelRegistry",
|
|
13517
16482
|
prepopulation: "required_template",
|
|
13518
16483
|
copyMode: "template_global",
|
|
@@ -13521,7 +16486,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13521
16486
|
description: "Model catalog defaults are required by model runtime clients."
|
|
13522
16487
|
},
|
|
13523
16488
|
{
|
|
13524
|
-
component: "
|
|
16489
|
+
component: "control-plane",
|
|
13525
16490
|
table: "modelSlotConfigs",
|
|
13526
16491
|
prepopulation: "required_template",
|
|
13527
16492
|
copyMode: "template_global",
|
|
@@ -13530,14 +16495,105 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13530
16495
|
description: "Slot-level defaults are required before tenant overrides exist."
|
|
13531
16496
|
},
|
|
13532
16497
|
{
|
|
13533
|
-
component: "
|
|
16498
|
+
component: "control-plane",
|
|
16499
|
+
table: "permitAccessReviewItems",
|
|
16500
|
+
prepopulation: "runtime_data",
|
|
16501
|
+
copyMode: "none",
|
|
16502
|
+
description: "Permit access-review item rows are tenant review data projected from Permit."
|
|
16503
|
+
},
|
|
16504
|
+
{
|
|
16505
|
+
component: "control-plane",
|
|
16506
|
+
table: "permitAccessReviews",
|
|
16507
|
+
prepopulation: "runtime_data",
|
|
16508
|
+
copyMode: "none",
|
|
16509
|
+
description: "Permit access-review campaigns are tenant review data projected from Permit."
|
|
16510
|
+
},
|
|
16511
|
+
{
|
|
16512
|
+
component: "control-plane",
|
|
16513
|
+
table: "permitAttributeBindings",
|
|
16514
|
+
prepopulation: "runtime_data",
|
|
16515
|
+
copyMode: "none",
|
|
16516
|
+
description: "Permit ABAC attribute bindings are tenant policy projection rows."
|
|
16517
|
+
},
|
|
16518
|
+
{
|
|
16519
|
+
component: "control-plane",
|
|
16520
|
+
table: "permitGroups",
|
|
16521
|
+
prepopulation: "runtime_data",
|
|
16522
|
+
copyMode: "none",
|
|
16523
|
+
description: "Permit groups are tenant-defined policy subjects, not template data."
|
|
16524
|
+
},
|
|
16525
|
+
{
|
|
16526
|
+
component: "control-plane",
|
|
16527
|
+
table: "permitGroupMemberships",
|
|
16528
|
+
prepopulation: "runtime_data",
|
|
16529
|
+
copyMode: "none",
|
|
16530
|
+
description: "Permit group memberships are tenant-specific policy projection rows."
|
|
16531
|
+
},
|
|
16532
|
+
{
|
|
16533
|
+
component: "control-plane",
|
|
16534
|
+
table: "permitPolicyBundles",
|
|
16535
|
+
prepopulation: "runtime_derived",
|
|
16536
|
+
copyMode: "none",
|
|
16537
|
+
description: "Permit policy bundles are derived from the Permit control plane."
|
|
16538
|
+
},
|
|
16539
|
+
{
|
|
16540
|
+
component: "control-plane",
|
|
16541
|
+
table: "permitPolicyDecisionReceipts",
|
|
16542
|
+
prepopulation: "runtime_log",
|
|
16543
|
+
copyMode: "none",
|
|
16544
|
+
description: "Permit decision receipts are runtime authorization audit logs."
|
|
16545
|
+
},
|
|
16546
|
+
{
|
|
16547
|
+
component: "control-plane",
|
|
16548
|
+
table: "permitPrincipalAliases",
|
|
16549
|
+
prepopulation: "runtime_data",
|
|
16550
|
+
copyMode: "none",
|
|
16551
|
+
description: "Permit principal aliases are tenant-specific identity projection rows."
|
|
16552
|
+
},
|
|
16553
|
+
{
|
|
16554
|
+
component: "control-plane",
|
|
16555
|
+
table: "permitPrincipals",
|
|
16556
|
+
prepopulation: "runtime_data",
|
|
16557
|
+
copyMode: "none",
|
|
16558
|
+
description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows."
|
|
16559
|
+
},
|
|
16560
|
+
{
|
|
16561
|
+
component: "control-plane",
|
|
16562
|
+
table: "permitProjectionOutbox",
|
|
16563
|
+
prepopulation: "runtime_queue",
|
|
16564
|
+
copyMode: "none",
|
|
16565
|
+
description: "Permit projection outbox rows are runtime sync queue data."
|
|
16566
|
+
},
|
|
16567
|
+
{
|
|
16568
|
+
component: "control-plane",
|
|
16569
|
+
table: "permitRelationshipTuples",
|
|
16570
|
+
prepopulation: "runtime_data",
|
|
16571
|
+
copyMode: "none",
|
|
16572
|
+
description: "Permit ReBAC relationship tuples are tenant policy projection rows."
|
|
16573
|
+
},
|
|
16574
|
+
{
|
|
16575
|
+
component: "control-plane",
|
|
16576
|
+
table: "permitResourceInstances",
|
|
16577
|
+
prepopulation: "runtime_data",
|
|
16578
|
+
copyMode: "none",
|
|
16579
|
+
description: "Permit resource instances are tenant/workspace graph and deployment projection rows."
|
|
16580
|
+
},
|
|
16581
|
+
{
|
|
16582
|
+
component: "control-plane",
|
|
16583
|
+
table: "permitRoleAssignments",
|
|
16584
|
+
prepopulation: "runtime_data",
|
|
16585
|
+
copyMode: "none",
|
|
16586
|
+
description: "Permit role assignments are tenant-specific policy projection rows."
|
|
16587
|
+
},
|
|
16588
|
+
{
|
|
16589
|
+
component: "control-plane",
|
|
13534
16590
|
table: "platformAudienceGrants",
|
|
13535
16591
|
prepopulation: "runtime_data",
|
|
13536
16592
|
copyMode: "none",
|
|
13537
16593
|
description: "Audience grants are principal/group-specific access rows."
|
|
13538
16594
|
},
|
|
13539
16595
|
{
|
|
13540
|
-
component: "
|
|
16596
|
+
component: "control-plane",
|
|
13541
16597
|
table: "platformAudiences",
|
|
13542
16598
|
prepopulation: "required_template",
|
|
13543
16599
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13546,35 +16602,35 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13546
16602
|
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
13547
16603
|
},
|
|
13548
16604
|
{
|
|
13549
|
-
component: "
|
|
16605
|
+
component: "control-plane",
|
|
13550
16606
|
table: "platformPolicyDecisionLogs",
|
|
13551
16607
|
prepopulation: "runtime_log",
|
|
13552
16608
|
copyMode: "none",
|
|
13553
16609
|
description: "Policy decisions are runtime audit logs."
|
|
13554
16610
|
},
|
|
13555
16611
|
{
|
|
13556
|
-
component: "
|
|
16612
|
+
component: "control-plane",
|
|
13557
16613
|
table: "projectGrants",
|
|
13558
16614
|
prepopulation: "runtime_data",
|
|
13559
16615
|
copyMode: "none",
|
|
13560
16616
|
description: "Project/topic grants are principal or group-specific access rows."
|
|
13561
16617
|
},
|
|
13562
16618
|
{
|
|
13563
|
-
component: "
|
|
16619
|
+
component: "control-plane",
|
|
13564
16620
|
table: "reasoningPermissions",
|
|
13565
16621
|
prepopulation: "runtime_data",
|
|
13566
16622
|
copyMode: "none",
|
|
13567
16623
|
description: "Reasoning permissions are principal-specific policy rows."
|
|
13568
16624
|
},
|
|
13569
16625
|
{
|
|
13570
|
-
component: "
|
|
16626
|
+
component: "control-plane",
|
|
13571
16627
|
table: "tenantApiKeys",
|
|
13572
16628
|
prepopulation: "runtime_secret",
|
|
13573
16629
|
copyMode: "none",
|
|
13574
16630
|
description: "API keys are tenant credentials and must never be copied."
|
|
13575
16631
|
},
|
|
13576
16632
|
{
|
|
13577
|
-
component: "
|
|
16633
|
+
component: "control-plane",
|
|
13578
16634
|
table: "tenantConfig",
|
|
13579
16635
|
prepopulation: "required_template",
|
|
13580
16636
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13583,7 +16639,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13583
16639
|
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
13584
16640
|
},
|
|
13585
16641
|
{
|
|
13586
|
-
component: "
|
|
16642
|
+
component: "control-plane",
|
|
13587
16643
|
table: "tenantIntegrations",
|
|
13588
16644
|
prepopulation: "required_template",
|
|
13589
16645
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13592,14 +16648,21 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13592
16648
|
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
13593
16649
|
},
|
|
13594
16650
|
{
|
|
13595
|
-
component: "
|
|
16651
|
+
component: "control-plane",
|
|
13596
16652
|
table: "tenantModelSlotBindings",
|
|
13597
16653
|
prepopulation: "runtime_secret",
|
|
13598
16654
|
copyMode: "none",
|
|
13599
16655
|
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
13600
16656
|
},
|
|
13601
16657
|
{
|
|
13602
|
-
component: "
|
|
16658
|
+
component: "control-plane",
|
|
16659
|
+
table: "tenantPermitSyncStates",
|
|
16660
|
+
prepopulation: "runtime_derived",
|
|
16661
|
+
copyMode: "none",
|
|
16662
|
+
description: "Tenant Permit sync state rows are runtime reconciliation state."
|
|
16663
|
+
},
|
|
16664
|
+
{
|
|
16665
|
+
component: "control-plane",
|
|
13603
16666
|
table: "tenantPolicies",
|
|
13604
16667
|
prepopulation: "required_template",
|
|
13605
16668
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13608,42 +16671,42 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13608
16671
|
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
13609
16672
|
},
|
|
13610
16673
|
{
|
|
13611
|
-
component: "
|
|
16674
|
+
component: "control-plane",
|
|
13612
16675
|
table: "tenantProviderSecrets",
|
|
13613
16676
|
prepopulation: "runtime_secret",
|
|
13614
16677
|
copyMode: "none",
|
|
13615
16678
|
description: "Provider secrets are credentials and must never be copied."
|
|
13616
16679
|
},
|
|
13617
16680
|
{
|
|
13618
|
-
component: "
|
|
16681
|
+
component: "control-plane",
|
|
13619
16682
|
table: "tenantProxyGatewayUsage",
|
|
13620
16683
|
prepopulation: "runtime_log",
|
|
13621
16684
|
copyMode: "none",
|
|
13622
16685
|
description: "Proxy gateway usage rows are runtime telemetry."
|
|
13623
16686
|
},
|
|
13624
16687
|
{
|
|
13625
|
-
component: "
|
|
16688
|
+
component: "control-plane",
|
|
13626
16689
|
table: "tenantProxyTokenMints",
|
|
13627
16690
|
prepopulation: "runtime_secret",
|
|
13628
16691
|
copyMode: "none",
|
|
13629
16692
|
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
13630
16693
|
},
|
|
13631
16694
|
{
|
|
13632
|
-
component: "
|
|
16695
|
+
component: "control-plane",
|
|
13633
16696
|
table: "tenantSandboxAuditEvents",
|
|
13634
16697
|
prepopulation: "runtime_log",
|
|
13635
16698
|
copyMode: "none",
|
|
13636
16699
|
description: "Sandbox audit rows are runtime security logs."
|
|
13637
16700
|
},
|
|
13638
16701
|
{
|
|
13639
|
-
component: "
|
|
16702
|
+
component: "control-plane",
|
|
13640
16703
|
table: "tenantSecrets",
|
|
13641
16704
|
prepopulation: "runtime_secret",
|
|
13642
16705
|
copyMode: "none",
|
|
13643
16706
|
description: "Tenant secrets are credentials and must never be copied."
|
|
13644
16707
|
},
|
|
13645
16708
|
{
|
|
13646
|
-
component: "
|
|
16709
|
+
component: "control-plane",
|
|
13647
16710
|
table: "toolAcls",
|
|
13648
16711
|
prepopulation: "required_template",
|
|
13649
16712
|
copyMode: "template_global",
|
|
@@ -13652,7 +16715,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13652
16715
|
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
13653
16716
|
},
|
|
13654
16717
|
{
|
|
13655
|
-
component: "
|
|
16718
|
+
component: "control-plane",
|
|
13656
16719
|
table: "toolRegistry",
|
|
13657
16720
|
prepopulation: "required_template",
|
|
13658
16721
|
copyMode: "template_global",
|
|
@@ -13661,7 +16724,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13661
16724
|
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
13662
16725
|
},
|
|
13663
16726
|
{
|
|
13664
|
-
component: "
|
|
16727
|
+
component: "control-plane",
|
|
13665
16728
|
table: "users",
|
|
13666
16729
|
prepopulation: "runtime_bootstrap",
|
|
13667
16730
|
copyMode: "none",
|